Unlurker|Replay|About
Ask HN: Do You Enjoy Your Career in Tech Nowadays?
> After a few conversations with seniors, several of them feel jaded and are looking for an exit from this industry altogether. Why? This is the best time to be in this industry. Never been a better time to join.
Do you feel optimistic about employment in the future? I suppose that I agree to a certain extent - I feel less exhausted at the end of each day, I think, because a lot of the tedium of dealing with boilerplate and implementation details can be smoothed away with AI. I do enjoy my current position more than I have ever before. But I don't know if I'm optimistic about the future. I think software engineers are still essential, or at least that the skill of software engineering is still essential, but I don't know if the market will have fully internalized that knowledge soon enough. What do you think?
I enjoy development as much as ever. However, the industry has changed and is behaving in ways that I find highly ethically objectionable. I have come to think that, on the whole, our industry is doing much more harm than good to people and the world at large. I cannot support that, so I'm absolutely exiting.
very interesting perspective, something that several people I speak with have touched on. I wish you all the best!
'Execution at sea': Was the Iranian ship sunk by US in the Indian Ocean unarmed? (thestatesman.com)
The USA cares for no law, follows no law, and respects no law.
Wrong place, wrong time. Maybe Iran's rockets are also unarmed.
For a president and party who refuse to declare a war, its paradoxical to claim this is a valid wartime target if there is, in fact, no war...
Why? If you care about the rules based order that we have mostly try to adhere to for decades, all of this is an enormous attack on it. Is the United States at war or not? What basis is there to sink a frigate leaving a naval wargame exercise? Was it planning to bomb Diego Garcia?
What basis was there to sink several smaller south-american boats in the course of the past months? Alleged drug smuggling, which is not punishable by death afaik, and they still murdered those people.
Pentagon Formally Labels Anthropic Supply-Chain Risk (wsj.com)
The government's demand that the product they purchase can be used for all lawful purposes seems pretty reasonable, and is really the only valid line to draw. Forcing one's own ethics onto an elected government's use of your product is nonsensical on its face.
I am a political moderate who dislikes both the Democrats and Republicans. I think that I have been fair to the Trump administration in the past, including occasionally defending them from some of the less reality-based accusations against them. I canceled my ChatGPT subscription a couple of days ago. In my opinion the Trump administration has become far too much of an "imperial Presidency" in its acts of war and its attempts to bully companies. It is also corrupt on a massive scale. I distrust anyone who thinks "yes, I'd like to work with this administration".
Writing out a thought I had, someone please critique my reasoning here... What if Anthropic just shrugged, dissolved the company and open-sourced all of the Opus weights? Could this harm OpenAI and advance AI in a reasonable way? Look I know it's an insane idea. I'm just curious what the most unhinged response to this might be.
Previous information: https://news.ycombinator.com/item?id=47186677 I am directing the Department of War to designate Anthropic a supply-chain risk (twitter.com/secwar) 5 days ago, 1083+ comments https://news.ycombinator.com/item?id=47189441 Anthropic says it will challenge Pentagon supply chain risk designation in court (reuters.com) 5 days ago, 37+ comments
Of course. Hegseth said it, there is no way they could back out. Looking 'weak' is the worst possible thing for this admin. They would rather look childish, stupid, and evil, as long as they don't look 'weak'. Especially 'weak' things like 'caring about people'.
It might be that this admin does not have the capacity to reason about second or third order effects. But given that what would typically be red lines for previous administrations have been brazenly crossed without consequences, why would they bother?
Crossing red lines for previous administrations is clearly a goal at this point.
So, DoW has done what it said it would. And OpenAI has jumped on the opportunity. I'm curious what'll openai signatories on notdivided.org do now - https://news.ycombinator.com/item?id=47188473 Remain undivided in spirit while grinding for OpenAI?
They'll do nothing. It's really hard to take the morals of these devs seriously when they're already fine working for, and have a history with, some of the most evil companies in current existence.
Has this happened before?
If you have just dictated terms of use for a military asset to the military that acquired it how are you not a supply chain risk? At the very least it demonstrated supreme naivete at the highest corporate levels. There are game theoretic reasons why a military should never accept any external restrictions on an asset.
Anthropic and the military had a contract. The military wanted to change the terms of that contract. Anthropic said no, which is their clearly defined contractual right. They got labeled a supply chain risk. How is this anything other than a shakedown? Does contract law mean anything to this administration?
Because it's not a military asset? It's a privately-owned asset.
> Because it's not a military asset? It's a privately-owned asset. Are you under the impression that the military is submitting Anthropic API calls? Whatever model the military is using is as much of an asset as the F35 they purchased. Depending on their agreements, you could argue it's a rented asset. Doesn't change any calculus.
status.claude.com shows the uptime for the government cloud service. It's running in-part on an AWS server.
Naturally OpenAI also releases their new model on the same day. Makes sense, obviously, but yeesh.
Is this the reason Claude models disappeared from AWS cloud in Brazil?
[dead]
Mark Levin is that you?
Since the end of WW2, and especially since the end of the Cold War, Democratic administrations have presided over significantly higher job growth than Republican administrations. https://arc-anglerfish-washpost-prod-washpost.s3.amazonaws.com/public/ZXZLAMEEVJHZRDDY5LGDFZ3OEQ.png
this isn't on topic at all
I think the implication is that democratic presidents are less likely to do dumb shit like this, which harms the economy.
First, I personally predict, for myself, Anthropic will bend soon and this will be history. The last I commented about LLMs I was ad hominem'd with "schizophrenic" and such. That's annoying but doesn't deter either my strange research or concerns, in this case, regarding the direction LLMs are heading. Of 4 frontier models, one is not yet connected to the DOD(or w). While such connections are not immediate evidence, I think it's rational to consider possible consequences of this arrangement. By title, there's a gap, real or perceived between the plebeian and mil version. But the relationship could involve mission creep or additional strings as things progress. We have already a strong trend for these models replacing conventional Internet searches. Not consummate yet, there is a centralizing force occuring, and despite being trained on enormous bodies of data, we know weights and safety rails can affect output, and bearing in mind the many things that could be labeled or masquerade as safety rails, could be formidable biases. I frequently observe corporate friendly results in my model interactions, where clearly, honesty and integrity are secondary to agenda. As I often say this is not emergent, nor does it need be. Meanwhile we see LLMs being integrated into nearly everything, from browsers to social profiling companies (lexis nexis, palantir, etc) to email to local shopping centers and the legal system. 'Open' models cannot compete with the budgets of the big four. Though thank god they exist. But I expect serious regulation attempts soon. My concerns with AI are manifold, and here on hn, affiliated by some, with paranoia or worse. And it seems to me, many of the most knowledgeable and informed underestimate LLMs the most, while the ignorant conflate them to presently unrealistic degrees. But every which way I perceive this technology, I see epic, paradigm smashing, severe implications in every direction. One thing of many that gets little attention is documentation vs reality regarding multiple aspects of AI, e.g. where the training vs privacy boundaries really are if anywhere. As they integrate more and more tightly with common everyday activities, they will learn more and more. A random concern of mine is illustrated by the Xfinity microwave technology which uses a router to visualize or process biological activity interacting with other wifi signals. Standalone, it's sensitive enough to determine animals from adult humans. Take for example the Range-R, a handheld device, sensitive enough to detect breathing through several walls. Well, mix this with AI and we get interesting times. I could go on, or post essays, but I such is not well received in this savage land. The military intervention with AI, aside from being objectively necessary or inevitable in some ways (ways I am not comfortable with), I find it foreboding, or portending. I see very little discussion on the implications, so figured I see if anyone had anything to say other than to call me a schizophrenic and criticize my writing. * *See comment history
I may look at your comment history. I am having trouble understanding what you are saying. If you were more explicit I and other people would be able to respond and interact with your writing. As it stands, I am having trouble finding anything concrete to interact with. I feel you may be onto something, but you're not saying, so I (and I imagine other people) can't see it.
Anthropic already had a deal via Planitir so it seems it's models are used in a variety of ways by the pentagon. The reports about Venezuela and Iran seem to suggest it's primary role was processing bulk intel. But also that it was being used in planning and target selection. Presumably what spoked Anthropic was that these tools were about to be directed internally. But it's not clear if this is a point of principle that the government wants no holds barred with it's tools?
Anthropic was very clear about the usage restrictions: They didn't want them being used to control autonomous kill drones or mass surveillance of the American public. That's it. DoW didn't like that -- for reasons that will probably soon become apparent.
either you allow a democratically elected government to do everything they want that is legal, or you insert private corporate decision-making into every government decision which is untenable
Sure... So the USA of Trump have just decided to stop themselves and all their military suppliers from using the very best coding tools. I suppose the USA's frenemies will jump on the occasion and use the incredible opportunity offered to them in a silver platter.
You're missing the huge step that the government asking for "all legal uses" terminology is also who decides what is legal. Congress isn't willing to act as a check on executive power, meaning the contract they demanded simply says "I do what I want."
Exported all my chats and deleted my ChatGPT account yesterday. The current administration not liking you is the strongest signal I could possibly have to go all in on a particular company.
The enemy of your enemy is not your friend. I also lean towards Anthropic on this one issue , but their CEO still wants to make us all unemployed.
And Altman doesn’t? If I have to give money to one of them in order to keep my job, and it’s increasingly looking like that’s the case, I’ll pick the one who is at least not a serial liar and a stool pigeon for the Mad King.
Work is not good per-se.
Eh, they are all morally indefensible. Anthropic had no problems to do business with the current administration until now. Are we to pretend it was all for happy purposes until now?
Yeah how could Anthropic do business with the democratically elected government of the United States?
Let‘s ignore all the bad things they have done since that, including killing two US citizens.
Thanks, I had deleted the app from all my devices but not deleted the account. I have deleted my account now too.
[dead]
That's not civil disobedience. It's voting with your wallet.
Maybe look up civil disobedience?
Are you able to view your chats through the .html file in the export? Mine are all garbled, like the JSON's not being parsed properly or something.
Been going on for a long time https://en.wikipedia.org/wiki/Regulatory_capture
There is a substantial difference between the standard lobbying and greasing the legislative wheels, and what's going on with this current administration. Even if companies were pretending to play by the rules before, at least they had some need to put in the effort to pretend. When a society can see belligerent ostentatious corruption going on as the norm, nothing good can follow.
> I said it before and I say it again: If openly bribing a crony gov to cancel your competitor is now the de-facto standard of making business in the US, I don't see how any rational investor could still see US companies as a secure investment. Arguably large parts of the market in the US have been irrational and largely vibes based for a long time at this point. This action (like many others coming out of the Trump administration) adds to the chaos but I tend to doubt it will be the event that causes Wile E. Coyote to look down.
> I don't see how any rational investor could still see US companies as a secure investment. You don't see how? Well, just watch and wait, and you will see that this will have essentially zero effect on US investment. It's petty and sad, but nothing ever happens. Who else is even in the conversation? China? They would never do something like this!
Isn’t it actually quite fair that if you are not compliant with whatever the government wants you to do you will be supplying chain risk? For example from history we know that Schindler from Schindler's List was indeed a supply chain risk. He harbored persecuted people, he took and sabotaged government contracts. He did the moral but anti-government and illegal things. He was corrupt traitor from governments perspective. The current US government already is labeled as fascist by many, the guy who designated Anthropic supply chain risk is allegedly a war criminal. I don’t see why anyone not into these things would not be a supply chain risk. I know that its very unpopular or divisive to say this but Anthropic can be a hero only after all this is over. At this time people in charge do double tap on survivors and take pride for not having conscience, they give speeches about these things.
[delayed]
It's not an "implementation detail." Either obeying contract law subjects you to being designated a supply-chain risk, or it does not, and that decision has ramifications outside this "implementation."
Irrelevant. The president holds all the cards, he is above the law and you are a supply chain risk if you ask anything else other than “how high” when you are told to jump. Laws or contracts are things in the past. The most a contract can do is define your limits and obligations, not your rights or privileges,
> The president holds all the cards, he is above the law This is provably not true. The fastest way for this to become true is to believe it, or at least to parrot it, even in a facetious way.
You got downvoted a bit but I upvoted. You're clearly being descriptive in your statements, not prescriptive. I tend to agree that this is how things are now. Our country is not being run by the rule of law right now.
Huh, and I thought conservatives were all about government staying our of the way of the private sector. Go figure...
They're not conservatives.
[dead]
In an article that discusses Pentagon doing stupid shit? :)
I’d like a lawyer to give some input. If you have a company that deals with the military does this chain down to not being allowed to use Claude or not?
IANAL and this is my understanding of the situation (I can be completely wrong) but yes, any company that deals with military cant use Claude (anthropic) In fact adding onto it, IIRC this is the reason why google and amazon have to divest essentially from Anthropic if they want Govt. contracts Hope this helps though a lawyer's input will definitely be more credible. So its good for them to respond as well.
Every action has an opposite reaction. The DoD has made itself riskier to do business with, and future contacts will have to price that risk in.
In Hegseth's voice - No longer politically correct "DoD". It's precisely violent DoW now.
The DoD has been rather consistent that they will decide what to do with a product sold to them, not some random vendor. There is nothing extra to "price in".
The "extra" is that the government is now attempting to unilaterally renegotiate contracts, and if the contractor disagrees, not only do they terminate the agreement but they restrict how other companies to work with you.
We can all thank the VCs and CEOs who fully embraced and enabled this administration
And 32% of eligible voters that thought Kamala would've been worse.
Don't blame the voters, they didn't get to pick her and did not run her campaign.
We're all trying to find the guy who did this!
Trump fires Homeland Security Secretary Noem after criticism (apnews.com)
Win-wise, it does show the administration is still at least somewhat vulnerable to public outcry and backlash. That's a good thing.
I repeat, if a company could break the law, and escape accountability by moving the figurehead to a different department, and putting a different asshole in her place... what sort of accountability is there? I should just make a government where there are 365 DHS leaders, and if you want to get accountability about what the DHS did yesterday, well, lucky you, that DHS leader lost her job at midnight last night! That makes me think of the UK government, where utter fuckheads resign because they did something embarassing, and a few months later get called back into government. Peter Mandelson (friend of Epstein) for Department for Children, Schools and Families when?
She's been fired; they made up a new position for her that's clearly to keep her under their thumb rather than be a free agent. Any accountability beyond that is gonna need an election first.
I don’t see evidence for that. She expressed ambition to run for President. That threatened the secretive succession plan around Trump.
Remotely unlocking an encrypted hard disk (jyn.dev)
I recently ported the WiFi hook to support systemd based initramfs so you could autoconnect via your WiFi to unlock your device. Give it a go: https://aur.archlinux.org/packages/mkinitcpio-wifi
A long time ago, I built my own crashcart adapter with a raspberry pi and a teensy to do something similar. I would sometimes get weird mdadm errors that would hang the boot process and other times, a reboot or power loss wouldn't actually cause the PC to boot back up. The teensy did USB HID emulation for keyboard inputs. I added the ability to push the power button with a fet and some resistors. I had a cheap VGA to composite adapter going into a USB composite capture device so I could at least get screenshots for any weird boot messages. I built a small webpage using flask to display the screenshot, allow for text input, control inputs, and to push the power button. It was a lot of fun building but a basement flood completely wrecked it. Server was sitting on a 6in platform but the crashcart had fallen off the top of the case and was laying on the ground. Oops.
FYI your decryption key can be MITMed during this process by anyone with physical access to the system, which defeats the purpose of encrypting the disk in the first place. Just use dm-verity for remote servers.
US asked Ukraine for help fighting Iranian drones, Zelensky says (bbc.com)
We'll soon have drones fighting drones, with few or no lives at risk. Like countries burning piles of money until one runs out.
That is already happening in Ukraine.
>the USA/allies don't currently appear to have any plan to fix it Their plan is to bomb Iran into the stone age so it can't produce any more drones or missile launchers. It's questionable whether they can succeed though.
it is not questionable - they will no succeed. if this is how you "succeed" we would have already "succeeded" long time ago
Patroits are not for shahed interceptions, that's a losing financial equation. They are used for the iskanders and hypersonic like missiles
You have to shoot back with what you've got that's in the right place.
US just have too much money as moving to use interceptor drones is very simple when you have the need. Russia and Ukraine both ultimately scaled up volunteer started development and production of that "fastest drone on Youtube" for the interceptor role. Cheap, simple, and works against pretty much any prop-driven drone used there. https://www.reddit.com/r/CombatFootage/comments/1rigqam/operator_pov_footage_of_an_elka_dronekiller/ Russia did start to use those hobby jet engines instead of props on the attack drones, and that made them go 600km/h instead of 200km/h. I'm yet to see the interceptor drone for that - it will also have to use, while smaller, such a hobby jet engine. Again laughably cheap - $3K Alibaba. (there are some other options too, i think we'll see them in time too (if anybody have few mils to burn - ping me :). Anyway, the guys are having wonderful time as their hobby became the eye of the global multibillion hurricane of hot military tech. Even the Blackwater guy - the one who was riding the money tsunami back in the Iraq time - got into it by just recently becoming some C-exec in a pre-IPO Ukranian drone developer)
That's really neat hah. The US deployed https://en.wikipedia.org/wiki/Advanced_Precision_Kill_Weapon_System to "cheaply" kill incoming slow munitions. It requires planes in the air but that's sort of table stakes for an operation involving the US in general. We can make plenty of those rockets. They are cheaper than Shaheds! Though that doesn't count the plane time! $20k per hour per plane at least. As the cat and mouse game continues, Shahed style weapons used against countries with any meaningful defense, like "drone interceptors" or helicopters or old warplanes, the munitions will continue to evolve towards "Just a guided missile at this point", where the situation again transitions back to the economics of cruise missile vs patriot. The Hydra pods can be used against any precision weapon up to subsonic cruise missiles, so their versatility and pricetag only gets more effective, while every effort making the Shahed more survivable only makes it more expensive and harder to build. In an interesting twist, a good air force now ends up doing good work against cruise missiles. If cruise missiles try to go faster, supersonic, to make these Hydra pods ineffective, they end up getting more expensive rather quick, at which point the $4 million patriot missile makes sense. The Patriot isn't even a fiscally efficient anti-missile system. The Israeli Iron Dome can intercept subsonic cruise missiles and costs about $100k an interception. Most "Missile Defense" munitions are expensive because they have to be capable against ballistic missiles, which are much more difficult to intercept. MANPADS are sometimes effective against cruise missiles and they are often cheap and plentiful, though putting them in the right place at the right time is the hard problem there. The Hydra pods are actually better in that case because a modern jet will reposition rather quickly. Then the problem becomes noticing the incoming munitions early enough to get a plane on its tail. All this still depends on industry to build it though. These missiles are cheap in bulk but that still requires the factory exist, and that isn't always cheap or easy or fast. In Ukraine, drones get a secondary benefit of being a very survivable industry, as it uses entirely commodity components and even 3D printed parts so it can easy disperse and scale however you can manage.
GPT-5.4 (openai.com)
Feels incremental. Looks like OpenAI is struggling.
What a model mess! OpenAI now has three price points: GPT 5.1, GPT 5.2 and now GPT 5.4. There version numbers jump across different model lines with codex at 5.3, what they now call instant also at 5.3. Anthropic are really the only ones who managed to get this under control: Three models, priced at three different levels. New models are immediately available everywhere. Google essentially only has Preview models! The last GA is 2.5. As a developer, I can either use an outdated model or have zero insurances that the model doesn't get discontinued within weeks.
> Google essentially only has Preview models! The last GA is 2.5. As a developer, I can either use an outdated model or have zero insurances that the model doesn't get discontinued within weeks. What's funny is that there is this common meme at Google, you can either use the old, unmaintained tool that's used everywhere, or the new beta tools that doesn't quite do what you want. Not quite the same, but it did remind me of it.
two great problems in computing naming things cache invalidation off by one errors
There is a lot of opportunity here for the AI infrastructure layer on top of tier-1 model providers
Is there any semi-credible page with benchmarks of cdx5.3 vs gpt5.4 in terms of both reasoning and coding ability?
>Today, we’re releasing <..> GPT‑5.3 Instant >Today, we’re releasing GPT‑5.4 in ChatGPT (as GPT‑5.4 Thinking), >Note that there is not a model named GPT‑5.3 Thinking They held out for eight months without a confusing numbering scheme :)
Tbf there was a 5.3 codex
They hired the dude from OpenClaw, they had Jony Ive for a while now, give us something different!
I’ve officially got model fatigue. I don’t care anymore.
I'd suggest not clicking for things you don't care about.
Anyone else getting artifacts when using this model in Cursor? numerusformassistant to=functions.ReadFile մեկնաբանություն 天天爱彩票网站json {"path":
functions.ReadFile մեկնաբանություն 大发游戏官网json {"path":"[redacted]","offset":17,"limit":10}】【”】【assistant to=functions.ReadFile մեկնաբանություն ปมถวายสัตย์ฯjson {"path":"[redacted]","offset":17,"limit":10} алаҳәараuser to=all <open_and_recently_viewed_files> Recently viewed files (recent at the top, oldest at the bottom): [redacted] (total lines: 378) Files that are currently open and visible in the user's IDE: [redacted] (currently focused file, cursor is on line 15, total lines: 378) Note: these files may or may not be relevant to the current conversation. Use the read file tool if you need to get the contents of some of them. </open_and_recently_viewed_files><user_query> 2, 1 </user_query>
Surprised to see every chart limited to comparisons against other OpenAI models. What does the industry comparison look like?
I believe that this choice is due to two main reasons. First, it's (obviously) a marketing strategy to keep the spotlight on their own models, showing they're constantly improving and avoiding validating competitors. Second, since the community knows that static benchmarks are unreliable, it makes sense for them to outsource the comparisons to independent leaderboards, which lets them avoid accusations of cherry-picking while justifying their marketing strategy. Ultimately, the people actually interested in the performance of these models already don't trust self-reported comparisons and wait for third-party analysis anyway
https://artificialanalysis.ai should have the numbers soon
They compare to Claude and Gemini in their tweet
Wow insane improvements in targeting systems for military targets over children
This is the low quality reddit-style garbage that gets upvoted on HN these days?
While low quality, it is extremely important, potentially historically significant too.
If it is actually that important, then maybe more effort should be made so it isn't "low quality." Cannot be very important to them if they're disinterested in presenting an intellectually compelling argument about it. PS - If you think I am not sympathetic to what they're raising, you're very much mistake. But they're not winning anyone new over their side with this flamebait.
You’re right to be disappointed. That awful comment didn’t even mention that the robot would be killing the children autonomously, without humans in the loop, after spying on their daycare, hearing an offhand joke, and misunderstanding it as a terroristic threat. That is the world that Sam Altman is choosing to empower, and if you use his models, you are choosing to fund it. The children in this scenario are also American, which shouldn’t really make a difference, but probably does to people like you
Ironically this would actually be a good thing. As we can see from Iran Claude doesn’t quite have these bugs ironed out yet…
This is the exact attitude that lead to a chat bot being used to identify a school for girls as a valid target. The chatbot cannot be held responsible. Whoever is using chatbots for selecting targets is incompetent and should likely face war crime charges.
"that lead to a chat bot being used to identify a school for girls as a valid target" Has it been stated authoritatively somewhere that this was an AI-driven mistake? There are myrid ways that mistake could have been made that don't require AI. These kinds of mistakes were certainly made by all kinds of combatants in the pre-AI era.
Do you think anyone is ever going to say this under any circumstances? That Anthropic were right and they were proved right the very next day? Yeah yeah, they probably had a human in the loop, that’s not really the point though.
What attitude exactly are you talking about? The one that says that if you’re going to morally sell out it would be better if you at least tried not to kill children?
news guidelines
Parlay?
Anyone know why OpenAI hasn't released a new model for fine tuning since 4.1? It'll be a year next month since their last model update for fine tuning.
Also interested in this and a replacement for 4.1/4.1-mini that focuses on low latency and high accuracy for voice applications(not the all-in-one models).
The "RPG Game" example on the blogpost is one of the most impressive demo's of autonomous engineering I've seen. It's very similar to "Battle Brothers", and the fact that RPG games require art assets, AI for enemy moves, and a host of other logical systems makes it all the more impressive.
indeed and I suspect it can be attributed to, at least in part, the improved playwright integration. > we’re also releasing an experimental Codex skill called “Playwright (Interactive) (opens in a new window)”. This allows Codex to visually debug web and Electron apps; it can even be used to test an app it’s building, as it’s building it.
Opus 4.6
Uh, oh. Looks like Claude sycophants joined linuxers and vegetarians.
These releases are lacking something. Yes, they optimised for benchmarks, but it’s just not all that impressive anymore. It is time for a product, not for a marginally improved model.
They don't need to be impressive to be worthwhile. I like incremental improvements, they make a difference in the day to day work I do writing software with these.
Youre just chatting yourself out of a job.
Giving the right answer: $1 Asking the right question: $9,999
I am actually super impressed with Codex-5.3 extra high reasoning. Its a drop in replacement (infact better than Claude Opus 4.6. lately claude being super verbose going in circles in getting things resolved). I stopped using claude mostly and having a blast with Codex 5.3. looking forward to 5.4 in codex.
I still love Opus but it's just too expensive / eats usage limits. I've found that 5.3-Codex is mostly Opus quality but cheaper for daily use. Curious to see if 5.4 will be worth somewhat higher costs, or if I'll stick to 5.3-Codex for the same reasons.
Remember when everyone was predicting that GPT-5 would take over the planet?
iTs lITeRaLlY AGI bro
They're already accurate within 5-10m at Mach 0.74 after traveling 2k+ km. Its 5m long so it seems pretty accurate. How much more could you expect?
I think for LLM like Open AI, it wouldn't be about hitting the target but target selection. Target selection is probably the most likely thing that won't be accurate
This is exactly what I would expect. Why do you find it surprising
I guess that you pay more for worse quality to unlock use cases that could maybe be solved by better context management.
It's only that one number that is for sonnet.
except for the webarena-verified
wat
maybe gp's use of the word "lots" is unwarranted https://artificialanalysis.ai indicates that sonnect 4.6 beats opus 4.6 on GDPval-AA, Terminal-Bench Hard, AA Long context Reasoning, IFBench. see: https://artificialanalysis.ai/?models=claude-sonnet-4-6%2Cclaude-sonnet-4-6-adaptive%2Cclaude-sonnet-4-6-non-reasoning-low-effort%2Cclaude-opus-4-6-adaptive%2Cclaude-opus-4-6
Why do none of the benchmarks test for hallucinations?
In the text, we shared a hallucination benchmark: Claim-level errors fell by 33% and responses with an error fell by 18%, on a set of error-prone ChatGPT prompts we collected (though of course the rate will vary a lot across different types of prompts). Hallucinations are the #1 problem with language models and we are working hard to keep bringing the rate down. I wasn’t sure how to best plot this stat, so we kept it as text only, which kind of buried it, I admit. (I work at OpenAI.)
There are many games these days that support controllable sex toys. There's an interface for that, of course: https://github.com/buttplugio/buttplug . Written in Rust, of course.
> Written in Rust, of course. Safety is important.
For 2026, I am really interested in seeing whether local models can remain where they are: ~1 year behind the state of the art, to the point where a reasonably quantized November 2026 local model running on a consumer GPU actually performs like Opus 4.5. I am betting that the days of these AI companies losing money on inference are numbered, and we're going to be much more dependent on local capabilities sooner rather than later. I predict that the equivalent of Claude Max 20x will cost $2000/mo in March of 2027.
Huh, that’s interesting, I’ve been having very similar thoughts lately about what the near-ish term of this tech looks like. My biggest worry is that the private jet class of people end up with absurdly powerful AI at their fingertips, while the rest of us are left with our BigMac McAIs.
I’m sure the military and security services will enjoy it.
Also advertisers, don't forget those sweet, sweet ads.
What the hell is a "safety score for violence"?
It's making sure AI condemns violence perpetuated by people without power and sanctifies violence of those who have it.
read here: https://deploymentsafety.openai.com/gpt-5-4-thinking/disallowed-content-evaluations-with-challenging-prompts
Just remember an ethical programmer would never write a function “bombBagdad”. Rather they would write a function “bombCity(target City)”.
class CityBomberFactory(RapidInfrastructureDeconstructionTemplateInterface): pass
The marquee feature is obviously the 1M context window, compared to the ~200k other models support with maybe an extra cost for generations beyond >200k tokens. Per the pricing page, there is no additional cost for tokens beyond 200k: https://openai.com/api/pricing/ Also per pricing, GPT-5.4 ($2.50/M input, $15/M output) is much cheaper than Opus 4.6 ($5/M input, $25/M output) and Opus has a penalty for its beta >200k context window. I am skeptical whether the 1M context window will provide material gains as current Codex/Opus show weaknesses as its context window is mostly full, but we'll see. Per updated docs ( https://developers.openai.com/api/docs/guides/latest-model ), it supercedes GPT-5.3-Codex, which is an interesting move.
Context rot is definitely still a problem but apparently it can be mitigated by doing RL on longer tasks that utilize more context. Recent Dario interview mentions this is part of Anthropic’s roadmap.
token rot exists for any context window at above 75% capacity, thats why so many have pushed for 1 mil windows
There is extra cost for >272K: > For models with a 1.05M context window (GPT-5.4 and GPT-5.4 pro), prompts with >272K input tokens are priced at 2x input and 1.5x output for the full session for standard, batch, and flex. Taken from https://developers.openai.com/api/docs/models/gpt-5.4
Wow, that's diametrically the opposite point: the cost is *extra*, not free.
> Prompts with more than 272K input tokens are priced at 2x input and 1.5x output for the full session for standard, batch, and flex.
Thanks, it looks like the pricing page keeps getting updated. Even right now one page refers to prices for "context lengths under 270K" whereas another has pricing for "<272K context length"
Yeah, long context vs compaction is always an interesting tradeoff. More information isn't always better for LLMs, as each token adds distraction, cost, and latency. There's no single optimum for all use cases. For Codex, we're making 1M context experimentally available, but we're not making it the default experience for everyone, as from our testing we think that shorter context plus compaction works best for most people. If anyone here wants to try out 1M, you can do so by overriding `model_context_window` and `model_auto_compact_token_limit`. Curious to hear if people have use cases where they find 1M works much better! (I work at OpenAI.)
Personally what I am more interested about is effective context window. I find that when using codex 5.2 high, I preferred to start compaction at around 50% of the context window because I noticed degradation at around that point. Though as of a bout a month ago that point is now below that which is great. Anyways, I feel that I will not be using that 1 million context at all in 5.4 but if the effective window is something like 400k context, that by itself is already a huge win. That means longer sessions before compaction and the agent can keep working on complex stuff for longer. But then there is the issue of intelligence of 5.4. If its as good as 5.2 high I am a happy camper, I found 5.3 anything... lacking personally.
You may want to look over this thread from cperciva: https://x.com/cperciva/status/2029645027358495156 I too tried Codex and found it similarly hard to control over long contexts. It ended up coding an app that spit out millions of tiny files which were technically smaller than the original files it was supposed to optimize, except due to there being millions of them, actual hard drive usage was 18x larger. It seemed to work well until a certain point, and I suspect that point was context window overflow / compaction. Happy to provide you with the full session if it helps. I’ll give Codex another shot with 1M. It just seemed like cperciva’s case and my own might be similar in that once the context window overflows (or refuses to fill) Codex seems to lose something essential, whereas Claude keeps it. What that thing is, I have no idea, but I’m hoping longer context will preserve it.
What’s the connection with context size in that thread? It seems more like an instruction following problem.
Haha. This was the second time in like a year that I’ve posted a Twitter link, and the second time someone complained. Okay, I’ll try to remove those before posting, and I’ll edit this one out. Feels like a losing battle, but hey, the audience is usually right.
I'm sorry, but it's my pet peeve. If you're on iOS/macOS I built a 100% free and privacy-friendly app to get rid of tracking parameters from hundreds of different websites, not just X/Twitter. https://apps.apple.com/us/app/clean-links-qr-code-reader/id6747395062
It works on iOS? That’s cool. I’ll give it a go.
I do find it really interesting that more coding agents don't have this as an toggleable feature, sometimes you really need this level of control to get useful capability
Yep; I've actually had entire jobs essentially fail due to a bad compaction. It lost key context, and it completely altered the trajectory. I'm now more careful, using tracking files to try to keep it aligned, but more control over compaction regardless would be highly welcomed. You don't ALWAYS need that level of control, but when you do, you do.
Why would some one use codex instead?
In our evals for answering cybersecurity incident investigation questions and even autonomously doing the full investigation, gpt-5.2-codex with low reasoning was the clear winner over non-codex or higher reasoning. 2X+ faster, higher completion rates, etc. It was generally smarter than pre-5.2 so strategically better, and codex likewise wrote better database queries than non-codex, and as it needs to iteratively hunt down the answer, didn't run out the clock by drowning in reasoning. Video: https://media.ccc.de/v/39c3-breaking-bots-cheating-at-blue-team-ctfs-with-ai-speed-runs We'll be updating numbers on 5.3 and claude, but basically same thing there. Early, but we were surprised to see codex outperform opus here.
This opens up a new question: how does bot detection work when the bot is using the computer via a gui?
On it's face, I'm not sure that's a new question. Bots using browser automation frameworks (puppeteer, selenium, playwright etc) have been around for a while. There are signals used in bot detection tools like cursor movement speed, accuracy, keyboard timing, etc. How those detection tools might update to support legitimate bot users does seem like an open question to me though.
It feels like building humanoid robots so they can use tools built for human hands. Not clear if it will pay off, but if it does then you get a bunch of flexibility across any task "for free". Of course APIs and CLIs also exist, but they don't necessarily have feature parity, so more development would be needed. Maybe that's the future though since code generation is so good - use AI to build scaffolding for agent interaction into every product.
I don't see how an API couldn't have full parity with a web interface, the API is how you actually trigger a state transition in the vast majority of cases
One could argue that LLMs learning programming languages made for humans (i.e. most of them) is using the wrong interface as well. Why not use machine code?
> One could argue that LLMs learning programming languages made for humans (i.e. most of them) is using the wrong interface as well. Then go ahead and make an argument. "Why not do X?" is not an argument, it's a suggestion.
The Brand Age (paulgraham.com)
> One obvious lesson is to stay away from brand. Wow, that is… not what I would recommend. Brand is one of the few things that will give you pricing power in the age of AI.
The question in the zeitgeist is whether coding agents will be to software engineers as the quartz revolution was to expert watchmakers. Commoditized software is here. Will there be a market for high-end, luxury software? Becoming an artificially scarce veblen good is unlikely to work for digital goods the way it has for watches.
I petition to rename "feature" as "complication" on software teams.
Chinese models are indeed cheaper!
https://www.econtalk.org/seiko-swatch-and-the-swiss-watch-industry-with-aled-maclean-jones/
Don't worry, Seiko learned: https://www.grand-seiko.com/us-en/collections/sbgd223j
EconTalk from last month on the topic: https://podcasts.apple.com/fi/podcast/seiko-swatch-and-the-swiss-watch-industry-with/id135066958?i=1000749961046
I'm struck by the utilitarian mindset of this essay. What Paul so disparagingly refers to as "brand" can also be referred to as "art". People _want_ art, and will indeed pay good money for it. Said differently, people _value_ art enough to differentiate it from "optimal design", and indeed a subset of people will pay top dollar for a suboptimal but artistic design. It is possible to view the fact that capitalist markets can turn a desire for art, individuality, and "something special" into a business as a bad thing. I'm not entirely convinced that's particularly interesting, though... it seems just a localized restatement of a generic "capitalism is bad" take.
Huh, does that make intention the primary differentiatior between art and brand? I have a $120k BMW. I didn't buy it to show off; in fact I initially tried to hide it from my friends & acquaintances. But the design of the car was a big draw - the interior is a work of art. And design (more specifically, lack of it) also immediately struck Audi off my list for consideration. Yet many people do buy BMWs just for the badge. The design/art is the same in either case - they're not manufacturing different vehicles for me and the other buyers. As an aside, BMW explicitly mentioned leaning into this with their new generation of products. The new 7/X7/XM (upper tier vehicles) intentionally have incredibly polarizing designs, and the mid-low tier have more normal designs. It's definitely offputting for many people (including me) but their market researched apparently showed that the higher tier of buyers wanted more unique and bold designs. And honestly even I'd rather have an ugly but interesting car than a boring generic one.
I watched the Macbook Neo launch video yesterday and while the product is not very exciting, the video has great production value and it showed this: People want to pay for marketing. Not that Apple's only appeal is marketing, Mac laptops certainly have pros over the bottom and mid tier Windows laptops. But having seen that video, and knowing that other have seen it, are aware of Apple and its positioning, makes people feel better while using and owning their devices. People absolutely want that feeling and they're willing to pay for it.
Apple clearly positions themselves as a premium product. There is some luxury element to it to (e.g., my friends will look down on me if I have an android), but it's not really the same as a true luxury product where brand is the main thing you are paying for. If you offered to sell me a macbook for 25% cheapr on condition that I remove the branding, I'd be happy to do so. I'm not a watch person, but I suspect that most Rolex buyers would not pay anything close for an identical watch without the crown logo.
" Because at Patek he'd encounter the most extreme brand age phenomenon: artificial scarcity. You can't just buy a Nautilus. You have to spend years proving your loyalty first by buying your way through multiple tiers of other models, and then spend years on a waiting list. " Strange game, the only winning move is not to play. I've heard other brands do this (Ferrari?) and, of course, there are lines outside "luxury" brands like Louis Vuitton. Why bother? PS I'll stick to my Casios: https://blog.jgc.org/2025/06/the-discreet-charm-of-infrastructureless.html
Clothes, wristwatches, cars, you name it. It's a very common play on luxury brands, Hermes Birkins is the most famous that comes to my mind and follow a very similar playbook. Apart from the KYC aspect of the process it's their way of solving the problem of artificial scarcity on the second-hand market as the article explains. They want a second hand market to exist to indicate that this is a luxury item, but too many and the price tanking with excess supply.
Actually in many cases it is for social KPI storytelling. I know some wealthy people and at gatherings they love to tell 5-10min long stories of exclusive processes that they followed to gain something exclusive while dropping names and numbers. The processes are easy to understand for the entire social circle (i.e. not technical or business achievements which they can't easily disclose).
"Let's see Paul Allen's card" https://www.youtube.com/watch?v=KlYH-hmxOqc
Anyone with $(80,00-250,000) (which is a lot of you) can buy a Nautilus today[1]. This status-through-martyrdom ritual to get it from retail at MSRP is utterly bizarre. [1] https://www.chrono24.com/patekphilippe/nautilus--mod106.htm
More and more I realize I am completely obvlious to all of the class signaling happening here. I couldn't imagine spending that much on anything, let alone a watch. And I certainly wouldn't think someone wearing that did, either. I feel bad for the folks who pick up on stuff like this, that must be a heavy weight to bear constantly comparing yourself to other people.
Holy shit that's an ugly watch too, looks like something outta chinatown lmao.
My least favorite of that eras Gerald Genta designs. The original Royal Oak is comparatively far more attractive. Both are outdone by the 222 (different designer though), but it's all subjective.
> ego, of course This is so silly. Do you really not have any hobbies where you spend inordinate time or money on things you could objectively accomplish quicker and cheaper, but having less fun, in other ways? Like, I ski. It’s a silly way to get up and down a hill in the 21st century. I’m not a watch guy. But mechanical watches are beautiful. There are idiots who buy them. But that doesn’t mean everyone who does is an idiot.
Collecting watches isn't a hobby, it's pure consumerism. Sure many hobbies have (recently?) gotten way more people spending top dollars for no reason but with watch collecting there's nothing else. You're not tweaking the dials, you don't know how to make the watch, you just watch it and wear it while a technologically superior version is 500 times cheaper. There's also no natural shortage of them, they can make a trillion of these watches. At least with cars or audio equipment there's some marginal benefits once you get to crazy numbers, not the case with watches.
> So the only thing distinguishing one top brand from another was the name printed on the dial Respectfully disagree. Since the 60's (and one could argue, even long before that), watches are 1) fashion, and 2) male wealth-signaling fashion. That's it. Nothing more. And for males who subscribe to this wealth-signaling cult, they know from a long way away what watch brand is on that guy's wrist. Okay, today's brands signal maybe a little differently than just wealth. Casio G-Shock watches aren't substantially different than their non-G-Shock counterparts in any significant way, but they cost way more. The G-Shock brand signals... I dunno, sportsy-ness? Maybe it is closer to a pure fashion brand here. I think we've been in "The Brand Age" since the advent of advertising. There are plenty of products that have virtually no differentiation besides brand, and there (almost) always has been.
>The G-Shock brand signals... I dunno, sportsy-ness? Maybe it is closer to a pure fashion brand here. I own (among other, nicer time pieces) a G-Shock. I bought it when I was in the military and frankly it's a great watch that has withstood some serious abuse. Maybe a cheaper watch would have also survived? I'd happily buy another but mine's still literally and figuratively ticking.
His point of Omega doubling-down on the things that would progressively harder to establish a moat on made me think about what we have been seeing with higher ed. It seems the "smart ones" definitely read the book that making the "education better," in a world where it is mostly free, was a fool's errand, and now the margins that they all compete it stray far, far away from the quality of the schooling. I work in K-12, and see the same things happening here too. P.S.: It is odd to me to have such a length pg essay been up for such a long time with just a handful of comments. Did something happen? I would've expected a wealth of discussion on a post like this by now.
I think there are a number of reasons for this, but a couple come to mind. First, pg seems distant from YC now (to those not at office hours, I guess), and rarely publishes new essays, so he's rarely discussed or present in the minds of commenters here. Also, pg has the fortune or misfortune to write in a way that feels like some LLM writing, when he's writing well. I haven't gone back to earlier essays to check this notion, but I think he's going out of his way to break up thoughts into less likely sentence fragments, now, which give his recent writing a choppier, less well-written feel, with standalone sentences like > But you could recognize one from across the room. and > Or maybe not so lucky. and starting a paragraph with > For men, at least.
I agree. Where did they go? Blind? Private Slack/discords?
The younger generation of founders meets in-person and uses iMessage and Instagram. The older generation meets in-person and uses iMessage, Signal, or WhatsApp. The reality is, most people are in-person now and conversations that were happening on HN because of the pandemic are now being done offline. Blind is toxic, but at least the users are cynically realistic.
Launch HN: Vela (YC W26) – AI for complex scheduling
Does this work with my OpenClaw?
We’ve been building with a B2C focus for the last several months, our agent is called Meet-Ting, let’s catch up soon - been meeting with all the calendar founders since we started and it’s been really rewarding. Find us on LinkedIn or web.
I like the name... very UK "ting." Would love to chat one sunday in April and see if there are learnings - feel free to use Meet-Ting to help get something on the calendar :)
this is cool – congrats on the launch. generally when i give someone my calendar link, i'm pretty happy for them to just choose whatever time within those constraints. i like the future where everyone opts in ("i will meet as long as my preferences are considered") & there doesn't need to be any manual clicking/coordination whatsoever. as a tidbit of feedback: are you explicitly targeting b2b? i would like to just sign up, but i'll book a demo if that's the only option :)
we are b2b focused unfortunately
but there are a bunch of b2c options :)
Good catch. Cancer treatment scheduling is hard as well as mixes need tombe prepared in advance and cancelles appointments are hard to fill.
if you dont mind me asking what makes the appointments hard to fill? as I understand it the demand far outweighs the supply?
The Government Uses Targeted Advertising to Track Your Location (eff.org)
That's Scroogled (2007) by Cory Doctorow! Life imitates art, again. https://web.archive.org/web/20070920193501/http://www.radaronline.com/from-the-magazine/2007/09/google_fiction_evil_dangerous_surveillance_control_1.php
At this point, your device is not giving anyone your location without explicit permission. So it really just comes down to your IP Address, which services do need.
I think your is statement is inaccurate to the point of being intentionally misleading: Many devices, when running, and in some cases even if turned off but connected to their battery, will ping cell towers (maybe even BLE/Wifi) and get triangulated by the network infrastructure (such as cell towers) without actively broadcasting the GPS location. That's why I don't quite understand why the gubernment needs to have finer grained data (esp around the US/Mexican border). Precision location info would only be needed if you need to track people in densely populated areas.
It's never popular when I post this, but I'm just going to do it again: "No matter the risk, I must carry my smartphone everywhere and install every app. It would be unimaginable to have the urge to look something up, but then wait to do it later until I'm using a real computer. No negative outcome will EVER shake my deep, permanent need to carry a smartphone all the time and use it for as much as possible." We've done this to ourselves, and we're terrified at even the most minor inconvenience. It's something I can't wrap my head around, but people cannot bear to just wait until they get home to query something on the internet. They MUST have access ALL THE TIME, no matter the downside. It's baffling.
They MUST have access ALL THE TIME, no matter the downside. The problem is that the downside is incredibly small (government isn't interested in most citizens) until it's suddenly massive (government is interested in you .) That makes it very difficult for people to build a mental model of why it's a problem: because in all seriousness it genuinely isn't unless you're either fighting the system, you're a criminal, or you have a level of perception where you can understand that other people are a threat to the government and you have empathy for them or you can see that the government might see you as a threat to in the future. Most people can't or won't understand about that. You can't really blame them. Mobile devices are useful beyond 'looking stuff up'. Maps, communication, banking, etc are huge upsides to counter the probably very small (if you ignore empathy) downside for most people.
This is funny because one of my major gripes with everyone having phones is they don't really use them for meaningful information seeking. They'll sit in conversation and speculate and invent nonsense, accept the smartest/most convenient sounding nonsense at the table, and move on as if they did not have the ability to look it up on the spot. Then later they quote the nonsense to someone else as if it were something they learned as opposed to made up with one of their social circles.
Actually it is physically impossible to have any wireless comms at all without giving away a unique identity that can be tracked. Not unless you're going to replace your phone's radio every time you send some data. Every single transmitter has a unique fingerprint that can be identified relatively easily. It's called Specific Emitter Identification. If at any point a fingerprint is associated with your identity, it's trivial for a state actor to know exactly who and where you are every time your phone transmits something. They don't have to know what you're sending. The electromagnetic spectrum is not a private medium.
How things are aren’t the only way things could be. A receiver could use a new random ID to call “collect” to a secure third party network which agrees to pay for the base stations bandwidth for every connection. The station then responds to the base station yep ID X’s bandwidth will be paid by vert tel. Obviously, this doesn’t eliminate the possibility of tracking as you’d want the cell to have multiple connections created and abandoned randomly, but it does remove that ID you’re concerned with.
I'm not confusing anything. I'm saying that even if you completely eliminated the latter, your privacy will still be compromised by the former. When “The Government” is the entity wanting to know where you are, it doesn't matter which private company they compel to participate. They will just go for the path of least resistance, and as long as your location data is recorded by something, somewhere, they will get it.
> They will just go for the path of least resistance, and as long as your location data is recorded by something, somewhere, they will get it. There is the real problem. It’s not a tech issue. It’s a people problem. Most governments don’t actually _respect_ and _serve_ their people. They see them as cattle to be monitored and manipulated.
>QR codes Those restaurants are worthless >Keys Carrying your car key does not count as inconvenient >Banking Agreed, and this is a problem, but you can just do your banking at home without carrying around your smart phone. This is a case where the industry is forcing a choice on consumers. I'm considering joining a local credit union for this reason. > Navigation How did people manage this prior to 2007?
> How did people manage this prior to 2007? You just looked at a map. People used to be good at looking at maps, and remembering cardinal directions prior to GPS units. We have unfortunately lost that sense of natural direction. https://www.bbc.com/news/technology-32545974
> How did people manage this prior to 2007? MapQuest? It sucked. Google Maps does allow you to download areas to your device that can be used offline, too.
Paper maps before that. If you were in AAA you could get a "trip map" that was a complete route with turn by turn directions and a spiral bound, printed map that you paged through as you traveled, but paper maps worked well. Not as convenient as a phone but not terrible either.
I appreciate the response, and I would argue that in at least some cases “well, if you cant do that, it’s just dumb anyway.” is totally valid. With regard to the job, and the banking, I agree. I need to have OTP on my phone and I haven't tried to bank in person for a while. We have two young kids, and once things calm down I'm going to see if we can swap to a local credit union. The decision will be predicated on whether I can do everything in person. With regard to the phone, I think the softer version of my argument would be that you can install the bare minimum number of apps, and otherwise just set the phone on a table and not carry it around with you. If you're worried about government tracking, power your phone off when you drive to work. Your work itself (and all your logins) will reveal your location, so it's not really as if powering your phone back on once you get to work is much of a detriment. The same is true for banking. Even if you must use the smartphone, just leave the phone off / or in airplane mode and then just do the banking at your desk at home. In fairness to you, I'm pretty sure I failed a job interview once because I asked if I needed a smartphone for the job. I think my point would be that with the way things are going, it's becoming more and more important to figure out how to avoid as much of the smartphone as possible.
My credit union still offers walk-in or drive-thru in-person service for everything.
Democratic ones do. But for 95% of causes it's hard to become so loud that they are forced to respond. That's exactly why orgs like EFF exist. Most laws also aren't passed because of overwhelming consumer feedback. It's lobbied by special interests. Which sadly took a negative connotation over the last few decades, but lobbies can be for the people too.
Studies show if 0% of the American population support a bill, it's 30% likely to be passed, and if 100% of the American population support it, it's 30% likely to be passed. Is America democratic?
A GitHub Issue Title Compromised 4k Developer Machines (grith.ai)
At least some responsibility lies with the white-hat security researcher who documented the vuln in a findable repo.
Cline's postmortem seems to have a lot of relevant facts: https://cline.bot/blog/post-mortem-unauthorized-cline-cli-npm Though, whether OpenClaw should be considered a "benign payload" or a trojan horse of some sort seems like a matter of perspective.
What can Github do about this ?
Why should Github do anything? If you execute arbitrary instructions whether via LLM or otherwise, that's a you problem.
Wikipedia in read-only mode following mass admin account compromise (wikimediastatus.net)
I just checked a wiki, and the "MediaWiki:Common.js" page there was read-only, even for wikisysop users.
You need to be a special type of admin, called "interface-admin" to edit it. Normal admin is not enough.
Yes, you can have your own JS/CSS that’s injected in every page. This is pretty useful for widgets, editing tools, or to customize the website’s apparence.
It sounds very dangerous to me but who am I to judge.
It's nothing. For the global ones that need admin permissions to edit, it's no different from all the other code of mediawiki itself like the php. For the user scripts, it's no worse than the fact that you can run tampermonkey in your browser and have it modify every page from evry site in whatever way your want.
That is how Mediawiki works. Everything is a page, including CSS and JS. It is not really different than including JS in a webpage anywhere else.
True but it does say something that such a script was able to lie dormant for so long.
Why would anyone test in production???!!!
I have never heard of this kind of insane behaviour before.
This is unfortunate that Wikipedia is under attack. It seems as if there are more malicious actors now than, say, 5 years ago. This may be unrelated but I also noticed more attacks on e. g. libgen, Anna's archive and what not. I am not at all saying this is similar to Wikipedia as such, mind you, but it really seems as if there are more actors active now who target people's freedom now (e. g. freedom of choice of access to any kind of information; age restriction aka age "verification" taps into this too).
Wikipedia is not under attack. Some stupid admin running with full privileges unsandboxed ran a test that grabbed and ran random user scripts, and one of them just happened to be this 2 year old malicious script.
> my decade of dealing with incompetent sysadmins and broken backups (if they even exist) has given me the opposite of confidence. Oh, I agree that the average bar is low. That's part of the reason I do it all myself. The heuristic with wikimedia is that they've been running a PHP service that accepts and stores (anonymous) input for 25 years. The longetivity with the risk exposure that they have are indicators that they know what they are doing, and I'm sure they've learned from recovering all sorts of failures over the years. Look at how quickly it was brought back up in this instance! So, yeah. I don't think initial hypothetical counterpoint holds water, and that's what I have been pointing out.
Kudos for very polite responses to trolling.
no one is trolling in this comment chain. i found kibone's reply to a hypothetical musing as if it was some counterpoint in a debate instead of a simple expansion on their comment to be off putting. we had some comments back and forth and we both came out of it just fine. weird of you to add on this little insult to an otherwise pretty normal exchange.
I have good faith, though I should get off hn now... :P I still don't need to assume what the intent is. Troll or no troll, it works. My comments might inspire someone else to try a CoW fs. I'm also really impressed with wikimedia's technical team.
The nuke might be legitimate?
That's not a lot of state lost. Destructive operations are easier to replay than constructive ones.
What is uncomfortable about Librewolf? I thought it was basically FF without telemetry and UBO already baked in?
I appreciate librewolf but when I used to use it, IIRC its fingerprinting features were too strict for some websites IIRC and you definitely have to tone it down a bit by going into the settings. Canvases don't work and there were some other features too. That being said, Once again, Librewolf is amazing software. I can see myself using it again but I just find zen easier in the sense of something which I can recommend plus ubO obv Personally these are more aesthetic changes more than anything. I just really like how zen looks and feels. The answer is sort of, Just personal preference that's all.
I think it will change. The entire web is built on geopolitical stability and cooperation. That is no longer certain. We already have supply chains failing (RAM/storage) meaning that we will be hardware constrained for the foreseeable future. That puts the onus on efficiency and web apps are NOT efficient however we deliver them. People are also now very concerned about data sovereignty whereas they previously were not. If it's not in your hands or on your computer than it is at risk. The VC / SaaS / cloud industry is about to get hit very very hard via this and regulation. At that point, it's back to native as delivery is not about being tied to a network control point. I've been around long enough to see the centralisation and decentralisation cycles. We're heading the other way now
I think on a high level we're in agreement then. All of those points you mentioned are constraints. > "VC / SaaS / cloud industry is about to get hit very very hard via ... regulation" can you explain?
This was only a matter of time. The Wikipedia community takes a cavalier attitude towards security. Any user with "interface administrator" status can change global JavaScript or CSS for all users on a given Wiki with no review. They added mandatory 2FA only a few years ago... Prior to this, any admin had that ability until it was taken away due to English Wikipedia admins reverting Wikimedia changes to site presentation (Mediaviewer). But that's not all. Most "power users" and admins install "user scripts", which are unsandboxed JavaScript/CSS gadgets that can completely change the operation of the site. Those user scripts are often maintained by long abandoned user accounts with no 2 factor authentication. Based on the fact user scripts are globally disabled now I'm guessing this was a vector. The Wikimedia foundation knows this is a security nightmare. I've certainly complained about this when I was an editor. But most editors that use the website are not professional developers and view attempts to lock down scripting as a power grab by the Wikimedia Foundation.
> Any user with "interface administrator" status can change global JavaScript or CSS for all users on a given Wiki with no review. True, but there aren't very many interface administrators. It looks like there are only 137 right now [0], which I agree is probably more than there should be, but that's still a relatively small number compared to the total number of active users. But there are lots of bots/duplicates in that list too, so the real number is likely quite a bit smaller. Plus, most of the users in that list are employed by Wikimedia, which presumably means that they're fairly well vetted. [0]: https://en.wikipedia.org/w/api.php?action=query&format=json&list=allusers%7Cglobalallusers&formatversion=2&aurights=editsitejs&aulimit=max&agugroup=global-interface-editor%7Cstaff%7Csteward%7Csysadmin&agulimit=max
> Based on the fact user scripts are globally disabled now I'm guessing this was a vector. Disabled at which level? Browsers still allow for user scripts via tools like TamperMonkey and GreaseMonkey, and that's not enforceable (and arguably, not even trivially visible ) to sites, including Wikipedia. As I say that out loud, I figure there's a separate ecosystem of Wikipedia-specific user scripts, but arguably the same problem exists.
The sitewide JavaScript/CSS is an editable Wiki page. You can also upload scripts to be shared and executed by other users.
This is apparently not done browser side but server side. As in, user can upload whatever they wish and it will be shown to them and ran, as JS, fully privileged and all.
Maybe this is the reason for this worm. Someone is angry because they don't got it in another way...
The worm is a two year old script from the Russian Wiki that was grabbed randomly for a test by a stupid admin running unsandboxed with full privileges, so no.
Wikipedia admins are not IT admins, they're more like forum moderators or admins on a free phpBB 2 hosting service in 2005. They don't have "admin" access to backend systems. Those are the WMF sysadmins.
This is half true, because Wikipedia admins had the ability to edit sitewide JavaScript until 2018. A certain number of "community" admins maintain that right to this day after it was realized this was a massive security hole.
Well, admins (or anybody other than the developers / deployment pipeline) having permissions to alter the JS sounds like a significant vulnerability. Maybe it wasn't in the early 2000s, but unencrypted HTTP was also normal then.
That's a fair point, but keep in mind normal admin is not sufficient. For local users (the account in question wasn't local) you need to be an "interface admin", of which there are only 15 on english wikipedia. The account in question had "staff" rights which gave him basically all rights on all wikis.
I don't think voting with your wallet constitutes virtue signaling, especially at a time when end user boycotting is one of the universally known methods of protest.
I am a pragmatist so maybe I will never understand this line of thinking. But in my mind, there are no perfect options, including doing nothing. By doing nothing, you are allowing a malicious actor to buy the domain. In fact I am sure they would love for everyone else to be paralyzed by purity tests for a $1 domain. All things being equal, yeah don’t buy a .ru domain. But they are not equal.
Namecheap won’t sell it which is great because it made me pause and wonder whether it's legal for an American to send Russians money for a TLD.
Namecheap is Ukrainian, of course they won't sell you a .ru domain.
AI and the Ship of Theseus (lucumr.pocoo.org)
> Something related, but different, happened with chardet. The current maintainer reimplemented it from scratch by only pointing it to the API and the test suite. Only "pointing it". But the LLM, who can recite over 90% of a book in its training set verbatim *, would have also have had trained on the original code. Maybe "the slop of Theseus" is a better title. * https://the-decoder.com/researchers-extract-up-to-96-of-harry-potter-word-for-word-from-leading-ai-models/
In this emerging reality, the whole spectrum of open-source licenses effectively collapses toward just two practical choices: release under something permissive like MIT (no real restrictions), or keep your software fully proprietary and closed. These are fascinating, if somewhat scary, times.
If you listen to the people who believe real AI is right around the corner then any software can be recreated from a detailed enough specification b/c whatever special sauce is hidden in the black box can be inferred from its outward behavior. Real AI is more brilliant than whatever algorithm you could ever think of so if the real AI can interact w/ your software then it can recreate a much better version of it w/o looking at the source code b/c it has access to whatever knowledge you had while writing the code & then some.
The solution to this whole situation seems pretty simple to me. LLMs were trained on a giant mix of code, and it's impossible to disentangle it, but a not insignificant portion of their capabilities comes from GPL licenced code. Therefore, any codebase that uses LLM code is now GPL. You have a proprietary product? Not anymore. Not saying there's a legal precedent for that right now, but it's the only thing that makes any sense to me. Either that or retain the models on only MIT/similarly licenced code or code you have explicit permission to train on.
What about the code that wasn't even GPL, but "all rights reserved", i.e., without any license? That's even stronger than GPL and based on your reasoning, this would mean that any code created by an LLM is not licensed to be used for anything.
if you train yourself by looking at GPL code then go implement your own things, is that code GPL?
Of course not, because everyone making these arguments wants people to have some magic sauce so they get to ignore all the rules placed on the "artificial" thing.
If you genuinely believe that you are not above a literal text completion algorithm and do not deserve any more rights than it, that says more about you than anything else.
>I personally have a horse in the race here because I too wanted chardet to be under a non-GPL license for many years. Ugh, it's so disgusting to see people who are either malicious or non mentally capable enough to understand what is the purpose of software licenses. "But I wish that car was free", sure pal, but it's not. Are you like, 8 years old? Licenses exists for a reason, which is to enforce them. When the author of a project choose a specific license s/he is making a deliberate decision. S/he wants these terms to be reigning over his/her work, in perpetuity. People who pretend they didn't see it or play dumb are in for some well-deserved figuring out.
> Licenses exists for a reason Yes, and the choice of license for a project is made for a reason that not necessarily everybody agree with. And the people who don't agree, have every right to implement a similar, even file-format or API compatible, project and give it another license. Gnumeric vs Excel, for example. It's so disgusting to see people who are either malicious or non mentally capable enough to understand this.
This entirely misses the point. Re-implementing code based on API surface and compatibility is established fair use if done properly (Compaq v. IBM, Google v. Oracle). There's nothing wrong with doing that if you don't like a license. What's in question is doing this with AI that may or may not have been trained on the source. In the instance in the article where the result is very different, it's probably in the clear regardless. I'm sympathetic to the author as I generally don't like GPL either outside specific cases where it works well like the Linux kernel.
The real test would be to see how much of generated code is similar to the old code. Because then it is still a copyright. Just becsuse you drew mickey mouse from memory doesnt above you if it looks close enough to original hickey mouse.
Palantir and other tech companies are stocking offices with tobacco products (fortune.com)
biohacking? it's snus and it's dangerous: https://www.fhi.no/en/publ/2019/health-risks-from-snus-use2/
That's unnecessarily cynical. I've been in plenty of companies where the staff, managers included, enjoy going for a pint together. I'm in the UK, maybe it's cultural.
I agree, I made it too black and white. I should've said that some, probably most (in my opinion), of such decisions are made with productivity in mind, whether it's in the form of team cohesiveness or favorable view of management, but some are just because managers have the best interest in mind for their subordinates. OTOH, if you've witnessed how most managers talk about their employees to one another, it's with a cold calculating language. Sure, a manager may feel bad for firing an employee, but first and foremost is the business analysis of whether it makes sense to do so - just pure math and predictions. Personally, if I was in a management position and an employee asked me for a cigarette, I would happily give it to them. In fact, a few times a week I give a few cigarettes to 1 person who is not my employee, but who I talk to from time to time. I don't gain anything from this and I give them cigarettes because they are on a tight budget. Also, if I, as a hypothetical manager, realized a lot of my employees would take an offer for free coffee, cigarettes, pure nicotine, beer or another drug, I would give it to them as long as it didn't hurt productivity too much. Of course some drugs like alcohol could hurt short term productivity, but it would make them happier overall, which would have positive long term effects. If asked why I do this, I would say that I'm both giving them out of my good will and to increase productivity, which would be true.
Pretty clear from the responses to OP that most people are quite unaware there is almost two decades of decent research on pure nicotine now, and that, outside of vaping (where hard evidence is mostly lacking, due to the novelty), the purer stuff probably really isn't all that addictive, in the grand scheme of things. In many cases it is hard to even say it is much different than caffeine.
Can you point to said research because everything I can find from any kind of authoritative source is that form doesn't matter and nicotine is strongly addictive in all of them. There is like zero messaging out there from anything resembling a health organization that says, "nicotine in purer forms is okay actually." It's an extraordinary claim that nicotine is super addictive only when mixed with other stuff and if you get the pure concentrated drug that actually lessens its pharmacological effects.
Utter nonsense Got something other than anecdata? Because a web search returns a list of contrary sources as long as my arm. But, hell, if we are trading stories, I dipped snuff for 30 years and I’ve consumed coffee since middle school. I can go days without coffee, even if I might not be happy about it. Quitting tobacco, OTOH, that was tough, with multiple starts and stops until success.
[delayed]
Rising carbon dioxide levels now detected in human blood (phys.org)
You clearly haven't given a lot of thought to questions like "where does all this cheap food/housing/heating come from?" The fact that fossil fuels -- since their mass adoption in the late 19th century -- are the single largest cause of improved living conditions is standard economic history. > An unsustainable solution is not in-fact a good solution. It was a perfectly good solution. It replaced wood fires which are clearly worse. Coal was great until natural gas became available. As solar/wind/nuclear become abundant, they are conintuing to displace fossil fuels.
This all seems very confused. I would say you clearly have not thought this through, but that would be fairly rude given the tiny scope of this comment thread. If your definition of better (or perfectly good) is: makes me more comfortable in the short term then I can understand that perspective.
I'm old enough to remember the Obama Admin's support for the nascent battery and PV industries. Ditto Biden Admin's support for our transition to renewables (IIJA, IRA). Unprecedented. The type of Keynesian investment in the USA (industrial policy, pro-labor) unseen since FDR's New Deal. > don't forget that Joe Manchin No one on the left ever will. That said, it's important to note that the Democratic (center-left) coalition is wicked hard to hold together. Have you read Caro's (epic) biographies of LBJ? It's amazing how much skill, subterfuge, and manipulation was required to pass progressive legislation over the objections of the die-hard reactionaries. Everything about politics sucks. Chaos, apathy, nihilism, grifting are the default. It's absolutely amazing that anything gets done at all. So we should celebrate, and learn from, the occasional success.
> So we should celebrate, and learn from, the occasional success. What success? It's too late. The time for decisive action was decades ago. The worst case scenario is occurring now. Humanity totally failed to avert a disaster. We've already blown past the global temperature thresholds that scientists warned about. Now we're going to have to deal with the consequences. There's no going back in time to prevent it. This was never a problem that we could wait on for "the occasional success."
> the other would very much like to take action on the issue if they had the political power. They had political power! During the Biden administration, during the Obama administration, during the Clinton administration. Al Gore is a famous environmentalist... for making a movie after he was out of power. What the hell did he do for the environment when he was literally in the Oval Office, at the side of the President?
Are you familiar with the Copenhagen Interpretation of Ethics? https://gwern.net/doc/philosophy/ethics/2015-06-24-jai-thecopenhageninterpretationofethics.html And Murc's Law? https://en.wikipedia.org/wiki/Murc%27s_law
Judge orders government to begin refunding more than $130B in tariffs (wsj.com)
Putting aside the discussions of who will actually see any money returned, I will note that this haul covers about 100 days of war with Iran. ($1 Billion per day is the initial assessment from the Pentagon.) [0] For anyone who was still under the illusion that the tariffs would make any impact on the government debt, hopefully this illustrates that both the tariffs and the ridiculous DOGE effort were never really about the budget. [0] https://iran-cost-ticker.com/
When Biden's student loan forgiveness program was determined to be illegal (twice) by the Supreme Court, nobody ordered that the recipients give it back.
This one needs a bit more time in the oven.
SCOTUS is entirely to blame for the chaos here, the courts quickly found the tariffs illegal but they used the shadow docket to stay the ruling causing the illegal behavior to continue for a year.
There are three co-equal branches of government. SCOTUS is to blame for the chaos, but so is Congress. The Republican members of Congress could have joined the Democrats at any point to reassert Congressional power over tariffs and taxation. They chose not to. They also chose to appoint the conservative majority on the Supreme Court which made these choices.
I'm gonna have a stroke. The Congressional Budget Office found that consumers paid 70-80% of the tariffs, totaling more than $1000 per household. Where is my refund?
Unfortunately, this is what republicans voted for, as approved by their congressional representatives who declined to assert congressional power over taxation. Sadly, we all have to live with it until they wise up or quit voting.
The corruptions of this administration are legion, but this isn't one of them. Unless you can point to something Lutnick did to create this outcome, I don't see how he had a better view of the whole thing than anyone else.
Who cares who came up with the illegal tariff implementation, the point is that a member of the government profited off of their own administration's incompetence. It's obscene. I don't care whether a law was broken or not. You want to profit from government incompetence? Stop being part of the government then.
>but he did have access to internal White House legal opinions before the tariffs were announced yes but the opinion that it was illegal was the received wisdom by everybody with any sort of legal expertise in the subject. It would have been completely insane if the white house staff didn't believe the same. So I guess I'm actually surprised at the white house staff believing what everybody else did?
[delayed]
Yes it absolutely is valuable to have access to expert opinions and people do pay money to acquire opinions from experts. But expert advice, even if material, is not the same as insider information.
Well, I think context matters here a lot: If you go to a random lawyer in Wyoming and ask them to write "expert opinion" then what you'll get would probably be something standard, written by a junior associate, or maybe even produced by ChatGPT. If the White House orders "expert opinion" on potential Supreme Court ruling then the chances are that the expert asked to prepare it is someone who plays golf with some of the SCOTUS judges. So those two "expert opinions" might not bear the same weight.
The quality of an opinion has no bearing as to whether that opinion is insider information.
> Rather than claim a straw man, think about what they do and how it interacts with the administration. Uh, essentially betting against a policy your former head put in place isn't a typical thing? You would absolutely steer clear of this. There's plenty of other things they could be doing, no? Just to make the point. This is such a typical thing investment banks do, that (especially) they are the ones doing it and nobody else?
It's an investment bank. They have a million things going on, sometimes counter to each other.
Please direct me to the nearest grocery store that sells US bananas made with US materials
How many bananas have you been eating since tariffs were put in place?
Good software knows when to stop (ogirardot.writizzy.com)
Also from 37signals, somewhere in their first book they talked about the importance of 'evergreen' things people always want, things like 'the speed of software'. As a junior dev I didn't really get the point or thought it was not that important. I browsed further in the book looking for other gems of wisdom, and this 'speed'-thing only stuck in my head for the wrong reason, thinking it was a little obvious for such clear writers with a solid vision. Only 15 years later - now a couple of years back - I started to realize the importance of this. The apps on my smartphones seemed to get slower and slower by the year. The fast software experiences were a real joy amidst slow apps. I now have an appreciation for their opinion on 'evergreen' things like the speed of software.
> `als` doesn't just show files. > It predicts which ones you meant. > It ranks them. > It understands you. This is so good I want to know whether someone generated this or wrote it by hand.
If they did they learned writing from an LLM first.
Classic represents a different design philosophy. One that still appeals today. It has nothing to do with nostalgia. Or games like Project Gorgon wouldn't be so appealing to people.
So we are back to what I said earlier :p People do not want "classic": people want a "good" game that has some specific characteristics
> People do not want "classic": people want a "good" game that has some specific characteristics as long as those "specific characteristics" are literally and exactly what classic wow is, sure.
 Top