Unlurker|Replay|About
Show HN: A TS SDK for Building Chatbots Across Slack, Teams, GChat, Discord etc. (chat-sdk.dev)
I'm guessing this could easily be used to "make your own claw"?
I would imagine it's easily reproducible with an Ai coding
Hacking an old Kindle to display bus arrival times (mariannefeng.com)
I was glad to see the note about battery life down at the bottom. My biggest challenge with the old Kindles I have laying around is that most of them won't hold a charge!
I haven't developed on the Kindle ecosystem, but with old Nook devices I am able to set a screensaver, alarm, and put the device into deep sleep between refreshes. This changed my battery life from ~48 hours into 30+ days of battery life even with some old devices. The "electric sign" app does this, which is where I referenced the code. With the trmnl app for nook I wrote, the image only refreshes every 10 mins so the device will set a ~9 minute alarm to wake the device right before it needs to load the next update.
Yeah that was definitely a worry of mine before I booted it up. Luckily it's still got decent battery life. We'll see how it holds up in 6 months... Dyson vacuums and Kindles are not the same whatsoever, but I wonder how easily it'd be to swap out the battery on an older Kindle. For our vacuum, all I needed was a 20 dollar replacement battery and the will unscrew 3 mini screws.
the killer feature of e-ink for this use case is power consumption. an e-ink display draws zero power to maintain an image - it only uses power during a refresh. for a bus schedule that updates every 60 seconds, you are looking at maybe 50mW average vs 500mW+ for an always-on LCD. that means you can run it off a small battery with solar for months without touching it. the ghosting issue people mention is real but largely solved on newer e-ink panels with partial refresh modes. the Kindle 4 used in this project supports partial refresh which avoids the full black-white flash and cuts refresh time to ~250ms.
Right now I'm doing a partial refresh, and it manages to last for a couple days but would be cool if it could be unplugged for 2 weeks. A small solar battery is a VERY interesting idea. If I don't end up being able to hit that number by adjusting the code itself, will look into it.
> for a bus schedule that updates every 60 seconds Bus stops in Shanghai have e-ink displays that are kept up to date with the current estimated arrival time of each bus. (I don't know what the time resolution is; it could be 60 seconds, but not much longer than that.)
Kindles are fun devices to hack and play with. I can grab an old kindle for €15-20 on eBay. I did the same last year and had lots of fun in the process. https://samkhawase.com/blog/hacking-kindle/
I love it! Always fun to see the route somebody else took to get to the same end product. Your post is making me want to try more Cloudflare Developer Platform stuff like Cloudflare Workers.
Tesla registrations crash 17% in Europe as BEV market surges 14% (electrek.co)
I am not surprised. Considering only the main segment, i.e. Model 3 and Model Y, there has not been any major innovation by Tesla for years. No significantly better battery technology. No significantly more powerful or efficient motors. No significantly improved comfort. They have been making minor improvements in many areas, yes. For instance, they added ventilated seats, adaptive suspension, front camera, etc. But those are not new technologies that would make them stand out. The competition already had such features before. Meanwhile, the Chinese cars have head-up displays, massage seats, vehicle to load, internal power outlets, fridges, dimmable glass roofs and what not. One might argue that Tesla is improving their driving assist technologies and that is, in Tesla's view, supposed to be the deciding factor which would make them stand out. But I am not sure about that. Their better driving assist (the so-called "FSD") has not been available in Europe for years. But that is almost besides the point. The most important question is, in my opinion, the following: Who cares about those systems enough that they would be willing to pay $100 a month or $8k, $10k, $15k or even more one time for this kind of technology? From what I have heard, the majority of drivers does not care. Not for this kind of money. No matter how good such a system might be. Assuming that there will be a significant number of people who would be willing to pay thousands of dollars extra for a driving assist feature is, in my opinion, detached from reality.
Nazi salutes tend not to go down well in Europe. Especially for the sort of people who are interested in buying EVs.
8,075 owners didn't seem to mind it. Gigafactory 4 hums along with them. That's still a respectable output for any car factory.
Another fair and balanced headline from Fred, has he put out a neutral to positive article on Tesla in the last 4-5 years? What did Elon do to him?
He never claims to be unbiased, and had personal beef with Tesla as a shareholder. https://electrek.co/2024/09/05/i-sold-all-my-tesla-shares-tsla-why/
Did Tesla's EVs reduce carbon emissions or not? You can't say it without contradicting your party/religion.
Pretty sure the science is settled on EVs and carbon emissions, is there something you find controversial?
Sure. But Mussolini made the trains run on time - right? Can you give an example of one of these "useless" green programs?
> But Mussolini made the trains run on time - right? making an inappropriate hand gesture is comparable to being a mass murderer? > Can you give an example of one of these "useless" green programs? https://en.wikipedia.org/wiki/Solyndra
The US market is extremely regressive due to the changing regulatory environment. I fully expect new ICE cars without catalytic converters in the near future. This is not representative of the rest of the world.
They might be happy that they can keep making V8s, but they have to know any future administration could easily outlaw any design that goes too far backwards. Such a car will also not be able to be sold anywhere else in the world. Heck, by the time they design, tool, and produce such a beast it could already be too late.
Nonsense look at VW and their cheating scandal (don't look into their history where they actually did work for the actual real Nazis), Elon's hand gesture, which was 100% not a nazi salute, is nothing compared to that. VW still sell cars ok.
> don't look into their history where they actually did work for the actual real Nazis If that kind of argument is on the table, also don’t look into Elon’s Nazi-sympathizing grandpa who moved to be able to rule over Blacks, nor his father’s illegal mining under apartheid that funded the Musk family.
[dead]
> Typical leftist low IQ trope I gotta say, if you think I am a leftist, then you must be very, very, VERY far to the right.
ICE also degrade over time. Batteries tend to last way longer than internal combustion engines.
My 13 year old Volvo has 138,000 miles and the same mileage as advertised when it was first sold. Also, when an engine goes, you can rebuild it, you can do a valve job, or replace the gaskets, replace the oil pump, replace the cylinder sleeves and you have a brand new engine. Or if you have scratches on your cylinder walls, you can bore those out and install wider pistons, rebalance the crankshaft, although on many modern engines the cylinder sleeves are effectively sprayed on and are just a few microns thick, in which case you need to get a machine shop to bore out the lining and install a race sleeve with custom pistons, which is expensive, but you can do it. And you can do this for less than the replacement cost of a car battery, both in terms of price and more importantly in terms of minerals required. You are talking about adding at most a couple of pounds of steel or aluminum versus manufacturing a new 700kg lithium iron with a lot of circuitry. The main constraint now on car longevity is going to be the circuitry and all the electronic modules. Those expire with time and need to be replaced, and they are the same for EV and ICE, I'd wager that EVs have much more. Thermal stresses, vibrations, capacitors degrade over time, there is corrosion from moisture, etc. How many years do you think all those Tesla boards will last? I would worry about them more than the battery, which has proven to be very durable, and long term we will find ways of servicing these batteries without requiring replacements. Or at least, some manufacturers will, and smart consumers will buy from them. Just think of the problems a 20 year old computer has, one that has been used for an hour a day for 20 years. Now imagine one constantly vibrating, left outside in the sun and rain, etc. What would be the survival rate of that board over 20 years? Not good. What we all need is an open source car for the electronics, as well as right to repair laws. That is probably the most important thing needed to keep cars on the road.
Same as any other economic system: power is usually concentrated around a very small group of people. In socialism and communism, that concentration typically occurs within the party leadership or central planning apparatus. However, in free-market capitalism, anyone is allowed to participate in capital formation and accumulation. Ownership is not formally restricted to a political class. Entry into markets is open in principle (unless it stops being a free market), and capital allocation is decentralized through free and voluntary exchange rather than administrative decree. That does not mean capitalism eliminates power concentration, as Wealth can accumulate and translate into political influence. But the mechanism of power differs: In centrally planned systems, control flows from political authority. In market systems, control flows from voluntary transactions and competitive success.
> Same as any other economic system Only if you limit yourself "capitalism" and "communism" as the two economic systems you are are considering. What we should be doing is noticing that these two systems fail in very similar ways (concentration of power in a small group of people), and think about what kind of system might not fail in that way.
I don't follow. Even now there is nothing preventing anyone here from making something for millions of dollars. While VC capital is closed to a select few, a person in a garage can still make it big. Communist counties tend to gate keep even more. To the point that it is entirely who you know, with little concern to what you do.
> Even now there is nothing preventing anyone here from making something for millions of dollars. Any one person might. But the system is setup such that's it's almost impossible for everyone to do well. > Communist counties tend to gate keep even more. To the point that it is entirely who you know, with little concern to what you do. And in capitalist countries, it's how much money you have. Swings and roundabouts.
2.25% so far today. How does this seem to always happen?
People expected something like that to happen, so only the few most naive people waited for the news to sell. As a result, people that would sell because of that sold already. On the other hand, after those few people sell, the stock won't fall anymore, so the people that were waiting for it to stop falling before they buy make their move. That's very common, but not reliable for you to make a profit on it. And anyway, those short-term changes are mostly meaningless.
That doesn't seem to be the case across Europe based on current sales. Looking at marketshare in the EU+EFTA+UK 2025 to 2026: VW Group went from 26.8% to 26.7%. Stellantis went from 15.5% to 17.1%. Renault Group went from 9.8% to 8.7%. Hyundai Group 8.4% to 7.6%. BMW Group 7.0% to 6.9%. Toyota Group 8.0% to 7.2%. SAIC Motor was flat at 2.0%. BYD 0.7% to 1.9%. Tesla 1.0% to 0.8%. So it doesn't really seem like BYD is eating into the sales of European manufacturers yet. VW + Stellantis + Renault + BMW + Mercedes + Volvo + Jaguar Land Rover was 66.9% in 2025 and it's 67.1% in 2026, an increase of 0.2 percentage points (looking at just VW + Stellantis + Renault, it was an increase of 0.4pp). We'll see what happens going forward, but Chinese cars aren't killing it yet. SAIC Motor is flat. BYD is doing very well, but it's a lot easier to grow when you're small. I think that Chinese cars will present challenges, but I'm less sure that it's over for European automakers. Right now, European automakers are marginally increasing their marketshare (probably more noise than anything, but not evidence of decline). I think BYD is a strong company and I think they'll continue to gain marketshare, but will others? SAIC has seen modest European growth since 2024, but nothing really threatening and they're sitting at 2% marketshare and their modest growth seems to becoming no growth. Chery is really small. Geely is ultra small without Volvo. So it feels like it's really the BYD story. BYD is the company actually making inroads and growing at a significant rate. And I don't think that a single company can destroy the European auto industry. It's possible BYD could become 10-20% of the European market and that would be a major win for them and make a significant dent in competitors. But do you see them becoming more? Are there other companies that seem promising?
> And I don't think that a single company can destroy the European auto industry. I’m still surprised auto hasn’t turned into a duo-tri-opoly. Took a while but ~60% of eu cell phones are an Apple or Samsung. If anything, the Chinese entrants are reversing some effects of automotive consolidation. I guess marketing still convinces people that tons of vehicle choice is still necessary.
Current estimates are 500,000-1,000,000 directly from aid cuts https://www.cgdev.org/blog/update-lives-lost-usaid-cuts with 1.6 million deaths projected.
More lives would be saved if usaid never existed.
From that URL: our estimates of “lives saved per dollar” from US aid are, at best, ballpark estimates I can't help being very suspicious of up to a million dead without identifying a single dead individual, or country or even continent where these mass deaths are supposed to have occurred.
Also from that URL (with links): > There is on-the-ground evidence of resulting impacts: Rising malnutrition mortality in northern Nigeria, Somalia, and in the Rohingya refugee camps on the Myanmar border and rising food insecurity in northeast Kenya, in part linked to the global collapse of therapeutic food supply chains. Spiking malaria deaths in northern Cameroon, again linked to breakdown in the global supply of antimalarials, and a risk of reversal in Lesotho’s fight against HIV, part of a broader health crisis across Africa. "Spiking malaria deaths in northern Cameroon" links to an article[0] which states: > BOGO, Cameroon, Oct 2 (Reuters) - Nine-month-old baby Mohamat burned with fever for three days before his family took him to the closest health centre in northern Cameroon, but it was too late. He died of malaria that day. Mohamat's death was part of a spike this year in malaria fatalities that local health officials attribute to foreign aid cuts by the United States. Before the cuts, Mohamat might have been diagnosed earlier by one of more than 2,000 U.S.-funded community health workers who would travel over rough dirt roads to reach the region's remotest villages. And at the health centre, he might have been treated with injectable artesunate, a life-saving drug for severe malaria paid for by U.S. funds that is now in short supply. But the centre had none to give out. So the URL very directly identifies a dead individual, a country and a continent, while also mentioning other cases that we hopefully all can agree will also directly lead to deaths . Do you take issue with this example? Or why are you stating that they're not "identifying a single dead individual, or country or even continent where these mass deaths are supposed to have occurred"? [0]: https://www.reuters.com/business/healthcare-pharmaceuticals/babies-deaths-cameroon-show-how-us-aid-cuts-curtail-malaria-fight-2025-10-02/
I was under the impression EV's are relatively maintenance free, especially compared to ICE. What are the typical failures of those teslas?
They have had problems with the suspension arms, but word on the street is that it’s just the brake discs. Denmark is significantly more moist than California, and EVs regenerative braking doesn’t wear the braking discs, so they rust, thus failing inspection. The solution is trivial (periodically disable regenerative braking), but many people didn’t know.
So have not heard of Volkswagen?
VW had massive, ahem, political support.
No, over 100 years there have been vast improvements in efficiency in ICEVs. In EVs, the curve is mostly flat. The hope is for better batteries, but developments are excruciatingly slow.
EVs are incredibly efficient. It's why aerodynamics matter so much and they all look so weird. The electricity from fossil sources they use is also efficiently generated at scale and in many states, mostly from renewables. It's equivalent to driving an ICE car that gets 200mpg in the absolute worst case.
The curve is mostly flat for EVs because they started with such high efficiency to begin with. At their best, internal combustion engines are quite terrible so there has been more room to make improvements. Even so, the vast, vast majority of cars in the past 100 years have had all of the technical innovation of a washing machine (and that might well be underselling the washing machine!). > developments are excruciatingly slow 10% a year on average, something like that? ICEVs haven't had that kind of incremental improvement in a loooooong time.
You have to zoom out a bit. EVs are still improving of course because they are relatively new. It's not fair to compare that to the last few decades of car history. You can make any flat looking graph look steep by zooming.
I believe you have a mistaken impression. First, the bottom has fallen out of the used market creating significant buyers remorse for early adopters. Buyers remorse also for the switch from the previous US charging standard to Tesla's. And people are generally waiting with bated breath for advancements in battery technology for charging speeds, longevity, and capacity. Accurate or not, people are waiting for the technology to mature so they don't have an EV that isn't worth what they paid for it.
> First, the bottom has fallen out of the used market creating significant buyers remorse for early adopters. I feel this directly. On paper I've lost more money on my Model 3 than I have on the previous half dozen cars combined, I'm pretty sure. But on the other hand, Ford canceling the Lightning has (at least temporarily) improved the resale value on my Lightning considerably. I couldn't really sell it today for what I paid for it, but I wouldn't be that far off. Problem is that I don't really love the Tesla, but I do love the Lightning. Ha! So I keep them both but for differing reasons. > the switch from the previous US charging standard to Tesla's As an aside, this is finally happening for real! Several models coming to market now are shipping with J3400 (aka NACS) ports standard. Yay! I look forward to a time where the days of various adapters being required are firmly behind us.
I genuinely don't understand, is the Optimus real? Isn’t there a like 10 to 1 ratio of Boston Robotics demos to Optimus demos? Has it ever been verified to actually do anything? Boston Robotics robots are over there doing backflips and the only thing I’ve seen Optimus do is in extremely controlled environments.
Optimus is a longer horizon promise that allows Elon to keep kicking the "can of untold profits" down the road. Tesla car hype has fizzled, robotaxi is currently fizzling, so the new promise is optimus. Elon sells dreams and visions, not really products. Tesla absolutely cannot keep it's valuation without a promise for it's delusional stock holders or actual massive revenue streams.
The hype to fizzle cycle is shortened with each new dream and approaching zero, which is the true value of the company.
This it could be the real strategy. Because the more credible promises you make, the more valuable is your company. If sales of cars are spiraling down, then what promises remain there to keep valuation ?
I second this. Is there anyone who actually believes Optimus is going to be a success and has any sort of data to back that up? I'm not in robotics, but I look at humanoid robots and, while incredible examples of engineering know-how, they seem to be a long way from useful in commercial applications. Am I jhust ignorant of their true value? Seems like all I ever see them doing is parkour.
Is there any evidence there is any kind of market a humanoid robot at all? (Regardless, from what I've seen, the Chinese will own this segment too.)
Optimus could do really well if they had all the smartest robotics engineers working on it... But it seems that ~80% of the smart people I know refuse to work for Musk on principle, and the remaining 20% prefer to work somewhere that pays well (Musk companies do not). End result is he has a team of mediocre engineers working on it which is why their demos appear years behind some competitors like Boston dynamics and Unitree. I think the same is happening to Tesla cars (not much innovation in the last few years).
There is some value in producing a lot of solid hardware, but nowhere even close to Tesla's absurd valuation. I think they are perfectly capable of writing software to drive the robot - if Musk doesn't stick his head in like he did with LIDAR/FSD and impose some stupid requirement that handicaps the product.
But how would we evaluate "perfectly capable" without evidence, there's just been no evidence they've done anything so far right? Am I missing something? I guess looking closer it was only announced four years ago. But it seems like it's only been smoke and mirrors so far.
Do manufacturers tend to pump out parts for old models after they are superseded by newer ones?
A lot of parts are refurbished too. Transmissions, differentials for example.
This is an urban legend. Safety defects have to be remedied by the manufacturer for a period of 10 years, but that remedy doesn't have to involve replacement parts. https://www.nhtsa.gov/interpretations/timereplcepartpollak12-03
I agree, looks like you are correct. It seems that it is just one of those things that manufacturers have agreed to do voluntarily, in the absence of a specific law. I imagine they have calculated that the loss of goodwill from abandoning a product quickly would outweigh the cost savings (especially since there is so much sharing of parts that keeping a few specialty components on hand is not going to move the needle much).
No? The law is just the law. But until someone actually gets a judge to rule that what they did is illegal...
Do you actually look at the current US landscape and think “the law is just the law” for the rich and poor alike? Getting a judge to rule on something is also part of that “the law is just the law” and it’s obvious that judges are more willing to rule on cases for the poor and powerless than the rich and connected.
Buying a 30M USD mansion to the daughter of the judge is going to fix that.
Russian soldiers tell BBC they saw fellow troops executed on commanders' orders (bbc.com)
I’ve always wondered what made him turn around. Threatened his family? Was Prigozhin a family man?
Probably just realized he didn't want/couldn't lead a military dictatorship, which probably would've been his only option at that point.
If Wagner's rapturous welcome in Rostov was typical elsewhere, he wouldn't have needed to run a military dictatorship. He seemed to lose his nerve after his call with Lukashenko. It's tough to imagine it being anything other than a threat to his family, in which case it was a schoolboy error to fail to secure them before launching the rebellion.
Having read the entire article, I also wonder how the soldiers let commanders execute fellow soldiers? That's got to take some serious psychological breakdown to not pull a sidearm and shoot the corrupt commander.
From other articles I've read: the commanders have their own bodyguards and soldiers get their weapons only when actually sent to front. Also, there are castes of soldiers. Those who are cannon-fodder are sometimes even brought in handcuffs (there are even videos of this).
Fear of being executed, probably. Russia has not historically been friendly to whistle blowing.
My lobster lost $450k this weekend (pashpashpash.substack.com)
You ever feel like you live in a different world than people like this? I don't even mean that derogatorily, it's fascinating.
This feels like a big PR stunt. Published by a ai tech bro, highly ambiguous, hard to verify, where’s the money going? Sounds great as a headline. Edit: Just looked into timeline, it does not add up.
It’s starting to sound like the plot of The Prestige (2006 Christopher Nolan film)
https://en.wikipedia.org/wiki/Moon_(2009_film)
Steel Bank Common Lisp (sbcl.org)
the HN migration from Racket to SBCL is probably the best real-world case study for SBCLs native code compiler quality. going from pages of comments needing pagination to rendering everything in one shot is not a minor optimization - thats an order of magnitude improvement in throughput for a real production workload. what doesnt get mentioned enough is SBCLs type inference. if you add type declarations to hot paths, the compiler generates code that rivals hand-optimized C. the REPL-driven development workflow where you can redefine functions in a running system is still unmatched by anything in the modern tooling ecosystem.
While great option, LispWorks and Allegro Common Lisp should not be overlooked, too many focus on SBCL + Emacs and then complain about Lisp tooling.
I use emacs regularly, and I think the complaints against it are perfectly valid. Emacs awesome in lots of ways, but it also really, really sucks in lots of other ways. But putting emacs aside, the SBCL tooling seems reasonable to me. The real reason I rarely reach for lisp these days is because the library ecosystem is a wasteland of partial implementations and abandoned code bases. It's also been my experience that LLMs are better at writing more mainstream languages, especially "newbie-proof" languages like Go. In any case, I don't see why one would reach for Allegro or Lispworks over SBCL unless one really enjoys writing lisp by hand and needs specific features they offer that SBCL doesn't. I would imagine those features are vanishingly few.
Older HN users may recall when busy discussions had comments split across several pages. This is because the Arc [1] language that HN runs on was originally hosted on top of Racket [2] and the implementation was too slow to handle giant discussions at HN scale. In September 2024 Dang et al finished porting Arc to SBCL, and performance increased so much that even the largest discussions no longer need splitting. The server is unresponsive/restarting a lot less frequently since these changes, too, despite continued growth in traffic and comments: https://news.ycombinator.com/item?id=41679215 [1] https://paulgraham.com/arc.html [2] https://racket-lang.org/
I love this comment: "Btw, we rolled this out over 3 weeks ago and I think you're the first person to ask about it on HN. There was one earlier question by email. I think that qualifies as a splash-free dive." I had no idea and I'm an HN addict!
The "splash-free dive" metaphor came from the greatly missed sctb and was the source of much fun conversation at HNHQ.
I was the person who emailed him about it earlier. 2024-09-05, me: On another topic, I just noticed that the 700+ comments on https://news.ycombinator.com/item?id=41445413 all render on a single page. Hurray! Is the pagination approach obsolete now? I know that you've commented several times about wanting to optimize the code so pagination wasn't necessary. I don't know if that's finished or if pagination will have to go on the next time there's a big breaking story. Dan G: Yes: the performance improvements I've been working on for years finally got deployed, so pagination is turned off for now. (In case you're curious, the change is that Arc now runs over SBCL instead of Racket.) ... Btw you're the only person I know of who's noticed this and pointed it out so far! I have very mixed feelings about how much I know about this site.
It's awesome and the lucky 10,000 deserve to be introduced to it?
A well known quantum computing company's entire stack runs on SBCL, with Emacs in production... works really well, don't knock it until you've tried it. Phenomenal REPL.
It's a recurrent event when someone on HN discovers some well-known piece of technology.
agreed, but "tosh" posted numerous times on SBCL over the last 7 years, so it's a valid question. https://hn.algolia.com/?q=tosh+sbcl
OpenAI, the US government and Persona built an identity surveillance machine (vmfunc.re)
Wonder how many lists I'm on for the unholy sin of saying the glorious american leader is a moron
I don't really understand why ICE would have a Persona OPenAI connection...?
Really? Sounds like they are a customer.
This is a hilarious personal website! Love it. Even better that it's paired with quality content.
I felt alive again as I used my physical volume button down to focus on the text.
The right wing went full censorship and surveillance long before the Charlie Kirk assassination. Anyone who believed that the right wing (or the left wing, for that matter; let's not pretend that censorious dipshittery is not bipartisan) was honestly promising freedom of speech as opposed to merely freedom of speech they like and censorship of speech they don't like was at best willfully blinding themselves to the actual actions of politicians.
> long before the Charlie Kirk assassination. True. The free speech narratives are mere tools against opposition by promoting the most childish and stupidly rigid interpretations thereof, not something they really believe in. The whole conservative project is doomed from the start as it has to confront science and progress like the emancipation by women, lgbt people and certain ethnicities. > or the left wing, for that matter; Both sides is uncalled for. Far left and the horse shoe, sure, but a) far left is very fringe, and b) lets not equate them with a well funded actual insurrection of oligarch and white nationalists with a paramilitary .
It seems like at every technological step, we're sold the dream and delivered the meme. We always end up with the worst possible combination of players, ideas and outcomes; with the promise of what the said technology delivers in terms of additional freedom or free time never realised. How many more broken social contracts can society endure before it crumbles?
The story here is that a FedRAMP-authorized system had 53MB of Vite dev source maps exposed on a production government endpoint. That's not "sold the dream, delivered the meme," that's a specific auditable compliance failure. Meanwhile a fintech engineer explaining that this is all standard legally-mandated KYC infrastructure got flagged to death. The interesting question isn't whether technology betrays us, it's why US law requires this surveillance apparatus in the first place and why the security assessment apparently missed checking for /vite-dev/ on a government system. Also every technological step? Ever? Really? This wouldn't happen to be typed on a computer from a climate-controlled room on a nice global network or anything?
You seem very confident. This seems to imply you feel the haves will know when to leave enough on the table for the have nots to still feel like they are a part of the haves . I'm not so confident in that.
Far more likely is that we head back to a feudal era where data mining tech is used to identify and eliminate potential rabble-rousers. Once enough production is automated, all remaining have-nots are exterminated.
OpenAI resets spending expectations, from $1.4T to $600B (cnbc.com)
OpenAI doesnt have a single model in top 10 models being used on openrouter.ai Thats a weekly metric on https://openrouter.ai/rankings flagship chatgpt 5.2 model is at #16 PMF is now evolving when competitor models are either smarter or cheaper.
What do we think? Is this possible without AGI level breakthroughs? If we see a continuation or even a slowdown of the current trend, the technology overhang, lagging productization, and catch up from the slow adoption of AI by businesses probably gets them part of the way there, but I don't know about 1000% growth at this point... Seems kinda like they're banking on another breakthrough no? And if they don't get the breakthrough, the downside risks such as a competitor of some sort destroying their margin can't exactly be ignored...
Does this mean RAM is going to get cheaper?
Ponzi scheme. Scam. I don't trust OpenAI a tiny bit.
the interesting thing from a practitioner perspective is how much the actual cost of using AI has dropped even while these capex numbers are astronomical. generating images is down to $0.003 each, TTS is 8x cheaper than it was a year ago, and you can produce a full AI-generated video for under $2 in API costs. the disconnect between infrastructure spending and unit economics reminds me of the fiber optic overbuild in the early 2000s. enormous capital was wasted on capacity that took a decade to fill, but the people who built on top of cheap bandwidth did extremely well. the value capture for AI is likely going to be similar - not in the model providers but in the applications that use cheap inference as a building block.
I feel like the dropping cost of using AI doesn't tell the full story - I feel like I'm using agents easily a hundred to two hundred times more than I used chat interfaces. The build-out seems entirely reasonable if we believe that there's going to be a similar increase in usage through the rest of the economy as user interfaces are figured out for these models.
its going to get cheaper but the new hardware will still be out of limits for consumers and they need to provide returns on the shares aka wealth transfer from taxpayers + subscribers to shareholders. but even by some miracle they get to 60% margins are there even enough subscribers to make OpenAI as profitable as Microsoft?
I think TSMC laughed them out of the room when they announced the original numbers. So maybe there’s no reaction now because everyone already knew not to trust OpenAI’s promises.
the TSMC name dropping in HN circles is cringe
So are all the RAM, GPU and HD manufacturers going to honour their purchasing commitments?
this is the underreported second-order risk. Micron, Samsung, SK Hynix all allocated HBM capacity based on hyperscaler capex projections. NAND fabs are similarly committed. a 57% reduction in projected OpenAI spend (.4T -> B) doesn't just affect NVIDIA orders -- it ripples into the memory suppliers who shifted capacity to HBM and away from commodity DRAM/NAND. if multiple hyperscalers revise down simultaneously you get a situation similar to the 2019 crypto ASIC overhang: companies tooled up for demand that evaporated. not predicting that, but the purchasing commitments question is real.
I don't get it. A trillion here, a trillion there and all the AI companies are also telling us they're planning on wiping out 2/3 of jobs in the next 10 years? Nothing about the economics of the AI boom makes any sense. I'm not saying it's not possible, but if we wipe out 2/3 of jobs with AI, who is going to be buying *all the stuff*? Unemployed people aren't much of a demographic, and you can't just say UBI because that doesn't make sense either. You think the billionaires are going to allow themselves to be taxed heavily enough to support UBI just so that there's a market for people to buy stuff from them? That's nonsense. Not trying to creep anybody out, but I just don't see a stable outcome for a society that doesn't need 2/3 of the population.
Tripling productivity is not the same as thirding jobs. Demand will grow. People enjoy products and services.
"It may be difficult to know what role money will play in a post-AGI world."
I’ve seen no discussion about what the social consequences are going to be if a predicted 2/3rds of people lose their jobs. I don’t imagine they’re pretty.
We're already there. Most of us have jobs that are just made up to fill the gaps after steam power and automation. In the future, we'll have jobs that fill up the AI gap. It's UBI, but more arbitrary so we can tell ourselves we're useful while group X is not.
Hmmm. I wonder if you get to choose between window maker or window breaker.
>I'm not saying it's not possible, but if we wipe out 2/3 of jobs with AI, who is going to be buying all the stuff ? Money is just a proxy for access to resources. If a machine that is capable of replacing almost all jobs is really created then money will matter much less than access to said machine. Taken to the extreme to make the point, if you had a genie that could grant your every wish, what would you need money for ?
OpenAI is not going to pay off my mortgage, it’s not going to replace my roof, it’s not going to fix my car, and so on. Money is still going to be very necessary for goods and services.
Money is a proxy for the value of peoples' time. Since AIs are not people, they cannot create value.
> If you had a genie that could grant your every wish, what would you need money for ? The things that a magic AI Genie will never be able to give you no matter how far into the AGI/Singularity things get. Such as Land, Energy, Precious Metals, Political and Social Capital, etc.
'Political and Social Capital" don't belong on that list.
Georgism is the only way forward. Tax land, energy, metals, and other constrained natural resources, not labour.
Econ has always been a bit faith based as it is.
Depends. The basics are testable. An explanation of scarcity is available in Basic Economics and should be required reading (Sowell)… but whatever this VC nightmare thing is… I agree.
The viability of a currency is nothing more than faith.
Keeps the doctor away?
It’s from a book called Brave New World. If you want some light reading: 1984, brave new world, and atlas shrugged will mostly get you caught up on current events.
Based on what? Each model so far has been noticeably better than the last, so I don’t see why the next wouldn’t be too?
Even if that were true, it wouldn’t make the growth exponential. There are many other trajectories out there.
"Can’t you just draw an exponential line on the curve?" - Dario Amodei, February 13th 2026. But this time draw it for spending expectations.
Are you predicting that OpenAI is out of business in 6-12 months? I'm not an AI booster, and I don't see "sustainable" in the current markets, but I'd take the other side of that bet!
These numbers were always out of line with basic infrastructure constraints. People were talking like the US would build 50 new nuclear power plants in 10 years. And I believe we will not see $600B either, there are basic infrastructure, permitting, and power delivery limits.
It's not unforeseeable that the US demarcates Special Economic Zones without environmental oversight or labor regulations to speed up the construction.
> OpenAI is projecting that its total revenue for 2030 will be more than $280 billion For context, that is more than the annual revenue of all but 3 tech companies in the world (Nvidia, Apple, Google), and about the same as Microsoft. OpenAI meanwhile is projected to make $20 billion in 2026. So a casual 1300% revenue growth in under 4 years for a company that is already valued in the hundreds of billions. Must be nice to pull numbers out of one's ass with zero consequence.
I think he meant for Anthropic?
I have used AI a bit, like it for a bunch of use cases. But god damn, these numbers are so big. Gotta wonder, are the returns even worth it? RAM prices up, electricity prices up, hard disk prices up… Maybe this is the price to pay for “progress”, but it sure is wild
Simple - they returns are not worth it. :-)
Today I got a feature request from another team in a call. I typed into our slack channel as a note. Someone typed @cursor and moments later the feature was implemented (correctly) and ready to merge. The tools are good! The main bottleneck right now is better scaffolding so that they can be thoroughly adopted and so that the agents can QA their own work. I see no particular reason not to think that software engineering as we know it will be massively disrupted in the next few years, and probably other industries close behind.
What was the feature and what was the note?
It really doesn't matter how "good" these tools feel, or whatever vague metric you want - they hemorrhage cash at a rate perhaps not seen in human history. In other words, that usage you like is costing them tons of money - the bet is that energy/compute will become vastly cheaper in a matter of a couple of years (extremely unlikely), or they find other ways to monetize that don't absolutely destroy the utility of their product (ads, an area we have seen google flop in spectacularly). And even say the latter strategy works - ads are driven by consumption. If you believe 100% openAI's vision of these tools replacing huge swaths of the workforce reasonably quickly, who will be left to consume? It's all nonsense, and the numbers are nonsense if you spend any real time considering it. The fact SoftBank is a major investor should be a dead giveaway.
> In other words, that usage you like is costing them tons of money Evidence? I’m sure someone will argue, but I think it’s generally accepted that inference can be done profitably at this point. The cost for equivalent capability is also plummeting.
> a casual 1300% revenue growth in under 4 years for a company that is already valued in the hundreds of billions. Such a weird sentence. The correct causality should be: It's valued in the hundreds of billions because the investors expect a 1300% revenue growth.
Investors are valuing it at ~$500B, which already projects massive revenue growth. OpenAI is saying "actually we are going to grow 10x faster than that". And all of this is without bringing up the “profit” word.
I mean, if you go outside and everyone else is carrying an umbrella, it's probably going to rain.
This greatly overestimates the rationality of markets.
perhaps tis not the rain but the sun they fear.
That would be compatible with them carrying umbrellas; https://www.etymonline.com/word/umbrella
If you go outside and see people buying tulips, it doesn't mean that tulips are great investments. Another example is how Isaac Newton lost money on some other bubble as well: https://www.smithsonianmag.com/smart-news/market-crash-cost-newton-fortune-180961655/ [ The market crash which cost newton fortune] So even if NEWTON, the legendary ISAAC NEWTON could lose money in bubble and was left holding umbrellas when there was no rain. From the book Intelligent investor, I want to get a quote so here it goes (opened the book from my shelf, the page number is 13) The great physicist muttered that he "could calculate the motions of the heavenly bodies, but not hte madness of the people" This quote seems soo applicable in today's world, I am gonna create a parent comment about it as well. Also, For the rest of Newton's life, he forbade anyone to speak the words "South Sea" in his pressence. Newton lost more than $3 Million in today's money because of the south sea company bubble.
People often use that example, but Newton, for all he was unquestionably a giant of physics, was a bit of a weird dude and not 100% rationalist[1]. Additionally, just because he was a great physicist doesn't mean he knew anything at all about investment. You can be an expert in one field and pretty dumb in others. Linus Pauling (a giant in chemistry) had beliefs in terms of medicine that were basically pseudoscience. Intelligent investor is a great book though. [1] eg he wrote more than a million words on alchemy during his lifetime https://webapp1.dlib.indiana.edu/newton/project/about.do
Or the town has been hoodwinked by a smooth talking umbrella salesman.
Again!?!!
Its a circular economy...He is talking about the money moving from Nvidia to OpenAI and back to Nvidia. You got to go with the flow... He is counting on hundreds of husbands: https://xkcd.com/605/
1.4T was estimate by gpt4/5, 600b by gpt5.3? they'll probably fix it just like they did fix strawberry their estimates will drop by ~20x which will be their max as underdog in the race they'll grab fraction of even that where are they planning to get that much money from? by showing adverts for 14h before you can prompt?
Wasn't it always an expectation, not a commitment? If they didn't appropriately account for risk that the expectation would not pan out, well, that's on them.
How do you account for the risk of something that has ever happened before?
I think WebRTC is better than SSH-ing for connecting to Mac terminal from iPhone (macky.dev)
For connecting two devices I already pay for a service allowing that, it's called ISP (Internet Service Provider).
Regardless of the poor security guarentees and or personal disinterest in such a service. I don't think services which offer continuous services should ever have a "lifetime" price. With a lifetime subscription the incentive of the company is to offer poor service, or to stop alltogether when revenue from growth is no longer outpacing operating costs. I'd much prefer it if the $29/lifetime would just be $29 / 4 years instead, it would make me much more secure in onboarding onto your proprietary service as I would feel more secure about it's future existence.
sure, but I fucking hate subscriptions. If you want to sell software, fine, but I want to buy it then. Release a v2? Sure, I’ll probably buy again. I have bought 4 versions of littlesnitch and 3 versions of prompt (5 if you count the macos versions too). But if I see another subscription I’m just clicking off.
the real advantage of WebRTC here is NAT traversal without any config. SSH requires either port forwarding, a relay service like Tailscale, or a publicly reachable host. WebRTC with ICE/STUN/TURN handles all of that automatically and degrades gracefully. that said, the security model is fundamentally different. SSH has decades of hardened key exchange and host verification. WebRTC DTLS-SRTP is solid for the data channel but the trust anchor shifts to whatever signaling server coordinates the connection. if the signaling server is compromised you get MITMed. with SSH you verify host keys locally. for the actual use case of phone-to-mac on the same wifi or carrier NAT, Tailscale is probably still the right answer. but this is a neat exploration of the design space.
Why stop at just one terminal? (shameless plug for https://github.com/rcarmo/webterm , which works pretty well on mobile)
Title: Connect to Mac Terminal from iPhone
Yeah. I wonder why HN has become lax about enforcing the original title rule? I can understand editing the title to meet the character limit or remove hyperbole or make it less click-baity. But some changes really don't make sense - a recent HN Post ( https://news.ycombinator.com/item?id=47111039 ) was titled "The AI apocalypse for enshitification has started" , where as the original title is "Large US company came after me for releasing a free open source self-hostable alternative!" - I am sure the original title would have got it more attention here.
Conveniently running Claude Code while sitting on the toilet?
Hello, hemorrhoids!
The pricing is extremely steep for a tech-savvy audience that could just set up Tailscale or MOSH.
Looking at their website it seems they're trying to target a slightly less tech savvy audience which are interested in checking on agents while away. Someone willing to blow cash on overpriced AI subscriptions, I could see justifying blowing money on this.
yeah Tailscale + mosh is the obvious answer for most people. but WebRTC has one specific win: corporate networks that block all VPN/UDP traffic. mosh needs UDP, Tailscale needs its relay port at minimum. WebRTC's TURN fallback is pure HTTPS port 443 -- you literally can't block it without breaking the web. so if your target user is 'I need to SSH into my Mac from a locked-down enterprise wifi', WebRTC is actually the right call.
> " pure HTTPS port 443 -- you literally can't block it without breaking the web. " Sure you can, you do Man In The Middle certificate inspection and then filter it aggressively like it was HTTP; that's the product companies like ZScaler offer, and basically any business/enterprise firewall device - internet filtering to protect your company and prevent or detect data exfiltration and malicious activity. Or perhaps you could say that does 'break the web' but companies do it anyway and pay a lot of money so they can do it. (ZScaler is a $23Bn market cap company).
Honestly, at that point I'd just run SSH over WebSockets with websocat. WebRTC only adds extra complexity. Tailscale DERP relay servers also run over port 80/443 anyway.
In the company where my father works some HTTPS services are blocked too…
Show HN: Emdash – Open-source agentic development environment (github.com/generalaction)
the worktree pre-warming detail is interesting -- keeping a reserve pool and letting new tasks claim one instantly is the same pattern as connection pool pre-warming in databases. the underlying bottleneck is probably git having to traverse pack files and update the index when you run 'git worktree add'. one thing worth trying if you haven't: sparse checkout on the worktrees can cut that initialization time further, especially in large monorepos where most files are irrelevant to a given agent task.
Here's my question: if agents continue to get better with RL, what is future proof about this environment or UI? I think we all know that managing 5-10 agents ... is not pretty. Are we really landing good PRs with 100% cognitive focus from 5-10 agents? Chances are, I'm making mistakes (and I assume other humans are too)? Why not 1 agent managing 5-10 agents for you? And so on? Most of the development loop is in bash ... so as long as agents get better at using bash (amongst other things), what happens to this in 6 months? I don't think this is operating at a higher-level of abstraction if agents themselves can coordinate agents across worktrees, etc.
Interesting thoughts - thank you! And directionally agree - given that agents are becoming ever better, they'll take more and more of the orchestration on themselves. Still, we believe that developers need an interface to interact with these agents; see their status and review / test their work. Emdash is our approach for building this interface of the future - the ADE :)
LFG!
Pretty sick. How do you compare yourself with Conductor?
Conductor is definitely in the same space. Main points of differentiation that I am aware of are that we allow you to connect to remote servers via SSH, natively embed many more coding agents (21) with their full functionality, and are open-source.
the worktree-per-agent approach is the right call. we run a similar setup with claude code subagents and the biggest lesson was that filesystem isolation is non-negotiable for parallel agents - even with git branches, agents stepping on each others lockfiles and node_modules was a constant source of weird failures. the 500ms task startup from pre-warmed worktrees is a nice touch. we found that cold worktree creation was one of those things that felt fast enough in demos but became a real friction point when you are spinning up 5-10 agents per session.
1Password Raising Prices ~33%
Fortunately 1P6 with one time purchase still works. I don't care about this company since then.
Yeah, pretty disappointed by this as well. The app has been getting buggier overtime and I was already considering leaving, so this was the push I needed. Seems like the most popular players in this space are Bitwarden and KeePass, does anybody have a positive or negative experience to share with either?
I don't like Bitwarden UI/UX. It looks not really polished. Especially the "folders" are akward. How the implemented it, calling them labels and designing them like labels would make way more sense. But the whole UI looks like software developers - and not designers - built it.
What bugs have you encountered? It’s been flawless for me.
It's been little things and mainly usability/polish things. Sometimes the vault doesn't unlock and I have to enter in my password 2-3 times. It doesn't always capture all information from a page properly when creating a new login and there are additional fields to capture. The "detecting if a website supports key passes and one time password" feature for Watchtower was overwhelming with lots of information, until I clicked each one and had to ignore it. These reasons alone are not enough for me to leave, the 3 big problems are below. 1 - I was feeling more uncomfortable having websites promote using passkeys, and I would store that in 1Password, but then I wasn't sure if 1Password as going to make it easy to migrate that stuff out. So, I want to use something open source, so I don't have to worry about losing access/managing that stuff in a propertiery/closed product. It might be easy to export/migrate out today, until something changes and they no longer allow that or make it very difficult/hard to scale/automate. 2 - I have a strong feeling this price increase is being justified by "AI" somehow. I'm sure, like all other companies, 1Password is internally forcing/requiring its developers to use coding models, and sonnet, opus, etc are expensive to use and the cost adds up. Also, I don't like the direction of where things are headed, where people are becoming more relaxed and not reviewing code properly and merging in code that will cause security issues later (perhaps openclaw fits into this bucket) or they are taking open-source code they laundering it for companies internally to use (I can't prove this, but if a model is trained on public data/code, it seems very likely). Something about that just bothers me. 3 - I've spent the last 3 years building up my homelab and using Pikapods for hosting various things. I want to support open-source more and run my own things and pay supporters properly to maintain things. I've always been a bit nervous what might happen if 1Password gets hacked, either because of poor security or due to a third party vendor. I still have the problem of my things getting hacked, but I pay more attention to how I secure things and use Tailscale and not publish things on the broad internet (when it makes sense). Also, I would be a hypocrite to dismiss the value of coding llms, as I'm using them myself. But how I'm using them, I'm using them to do security reviews of my docker compose files or kubernetes yaml files. Having coding llms has made it so much easier to maintain a homelab.
Bitwarden is a shit product lacking basic niceties: search is terrible (substring match is beyond first page of results), UI is sometimes non-async (typing freezes search), no way to sort by newest/date added, no way to make two note (textarea) fields, no way to expand it, consumes memory and CPU etc However, it’s open-source, cross platform and sorta works.
Ah that's disappointing. So you've just been with 1Password then? Did you try KeePass or anything else?
Nearby Glasses (github.com/yjeanrenaud)
the BLE company identifier approach is clever but fundamentally limited. MAC address randomization means you cant track individual devices, and the company ID only tells you the manufacturer - so any Meta headphones or Snap peripherals will trigger false positives. a more robust approach would be to look at the full advertisement payload. smart glasses with cameras tend to advertise specific GATT services for live streaming or firmware updates that headphones dont. combining the company ID with service UUID patterns and advertisement interval timing would significantly reduce false positive rates without needing any active scanning.
Sooo technically this is on the edge of legal/not legal, depending on your intent and what the judge had for lunch that day. ID'ing devices without consent is a grey area at best.
I'd probably go for "the device explicitly allowed itself to be ID'd by intentionally broadcasting a signal intended for this purpose."
Is this legal advice?
Filming/video and lookups of people filtered through a corporate data mining operation without their consent should also be illegal. I'll take my chances, thank you. I recently had to interact with an idiot wearing meta glasses. There should be a mandatory consent requirement AND an "on air" red led.
I love smart glasses they are very useful for people who wear sunglasses and use their phone to take pics & videos. Of course with all new technology people fight against it. When I wore them on rollercoasters at Cedar Point in 2024 ride attendees said take those off and store them in a locker at the front entrance of the park (that kid / ride attendant hated them) yet as feb 2026 Six flags now allows smart glasses to be worn and 7 million have been sold. Overall I am detailing why they are useful, why I think they will be widely adopted and like many technologies before it those who are against them will adopt them too(its a counter argument here). Sure some creeps will use them and with that in mind Apple has the possible ability to solve that privacy issue as they are a privacy company (all pics and vids taken thru APple glasses faces not in your network are randomize/anonymized).
Also noting my disdain for Meta glasses due to their lack of quality and solid customer service Apple will provide.
The dichotomy between the statement in the repo "False positives are likely " and the app message "Smart Glasses are probably nearby" is interesting.
That's not a dichotomy.
Add satellite imagery, nearby self-driving vehicles / Google maps cars, line-of-sight ring doorbells, peripheral street surveillance cameras, police equipment, people in your proximity with a smartphone camera, and various-purpose drones and then you'll have the perfect paranoia alerter.
A big red screen that always says "yes"?
That's the opposite of honor-based, and those stories are warnings about going down that path.
"Honor-based" has a specific meaning, and it is not good. If the parent is torn about whether this is good or bad, they're really not paying attention. https://en.wikipedia.org/wiki/Honor_killing https://en.wikipedia.org/wiki/Culture_of_honor_(Southern_United_States)
> It's like an honor-based culture at scale. Except the basis of that culture would not be honour, would it? A critical mass of people scrutinizing and reporting others' actions might lead to a compliance-based culture. It's different IMO. i.e. intrinsic motivation to behave well (honour, morality, decency) versus extrinsic motivation to behave well (fear of unpopularity, law enforcement, mob reaction, etc.)
It's like how people misunderstand trust. "I trust open source software because I can review the code." No you don't. If you need to review the code then you are already not trusting it. Same deal with "honor" — the entire point of honor is you don't need eyes everywhere to look for misbehavior. You trust people to do the right thing. There is no trust in a police state.
I think you're missing the point. Or, on re-reading, the parent is missing the point. "Honor culture" or "Culture of honor" is the term for people who are thin-skinned, quick to offense, and worried more about appearances than substance. https://en.wikipedia.org/wiki/Culture_of_honor_(Southern_United_States) https://en.wikipedia.org/wiki/Honor_killing It's all about a shame-based society. When someone is made to feel ashamed, they might lash out. It's practically the opposite of guilt, which is directed inwardly. At the margins, a shamed person might commit mass murder, while a guilty person might commit suicide. Before you get to the margin, both guilty people and shamed people might alter their behavior in beneficial ways, but they do it for subtly different reasons.
Tried this on a Pixel 9, after allowing permissions the Start Scanning button does nothing, and there's nothing in the debug log. I do like the idea and might try again in the future if it gets updated. Seems like a good candidate for F-Droid instead of Google Play.
I had to tap the sprocket in the top right and enable Foreground Service to get the button to work
1Password pricing increasing up to 33% in March
Just cancelled my subscription, which was due for renewal a few days after the change takes effect. I can live with vaults being read-only while I find a (self-hosted) alternative.
nothing better than bitwarden
Wasn’t software cost going to 0 thanks to AI? How they justify 33% increase?
Cost to companies may go down to zero but the price to consumers can still go up.
I'm working on an alternative that I hope would be better. https://github.com/lockstepvault-hq/lockstep (early alfa project) Would you mind sharing what user experiences are not ideal with 1Password, I'd like to know I can address those those in Lockstep.
I'd say it's mainly to do with browser/iOS plugins not being responsive. I find myself often resorting to opening the app and copying and pasting the password or other info because autofill function doesn't work on different websites. Otherwise minor UI things like categories on the sidebar which made it easy to navigate, but they got rid of it a while back. Good luck with your project!
You can export from their app very easily.
Can you export it once apple locks your account?
You left out the most bizarre part of the email: > Action needed: Please go to my.1password.com/billing to register your approval. If you do not provide consent by your next renewal date on or after March 27, 2026, your subscription will automatically be cancelled at time of your next renewal Apparently you get auto-cancelled if you don't manually accept the price increase?
Wasn't mentioned on mine, either (Ohio, United States). My subscription is through in-app purchase, so I'm assuming that'll go through Apple's usual "your subscription price is increasing" flow.
HuggingFace Agent Skills (github.com/huggingface)
Skills feel analogous to behavioral programs. If you give an agent access to a programmable substrate (e.g. bash + CLI tools), you write these Markdown programs which are triggered and read when the agent thinks certain behaviors will be beneficial. It's a great idea: really neat take on programmability, and can be reloaded while the agent is running without tweaking the harness, etc -- lots of benefits. `pi` has a great skills implementation too. I think skills might really shine if you take a minimal approach to the system prompt (like `pi`) -- a lot of the times, if I want to orchestrate the agent in some complex behavior, I want to start fresh, and having it walk through a bunch of skills ... possibly the smaller the system prompt, the more likely the agent is to follow the skills without issue.
Yes -- skills live in a special gap between "should have been a deterministic program" and "model already had the ability to figure this out". My personal experience leaves me in agreement that minimal system prompts are definitely the way to go.
So far my experience with skills is that they slow down or confuse agents unless you as the user understand what the skill actually contains and how it works. In general I would rather install a CLI tool and explain to the agent how I want it used vs. trying to get the agent to use a folder of instructions that I don't really understand what's inside.
> So far my experience with skills is that they slow down or confuse agents unless you as the user understand what the skill actually contains and how it works. In general I would rather install a CLI tool and explain to the agent how I want it used vs. trying to get the agent to use a folder of instructions that I don't really understand what's inside. For Claude Code I add the tooling into either CLAUDE.md or .claude/INSTRUCTIONS.md which Claude reads when you start a new instance. If you update it, you MUST ask Claude to reread the file so it knows the full instructions.
Skills in CC have been a bit frustrating for me. They don't trigger reliably and the emphasis on "it's just markdown" makes it harder to have them reliably call certain tools with the correct arguments. The idea that agent harnesses should primarily have their functionality dictated by plaintext commands feels like a copout around programming in some actually useful, semi-opinionated functionality (not to mention that it makes capability-discoverability basically impossible). For example, Claude Code has three modes: plan, ask about edits, and auto-accept edits. I always start with a plan and then I end up with multiple tasks. I'd like to auto-accept edits for a step at a time and the only way to do that reliably is to ask CC to do that, but it's not reliable—sometimes it just continues to go into the next step. If this were programmed explicitly into CC rather than relying on agent obedience, we could ditch the nondeterminism and just have a hook on task completion that toggles auto-complete back to "off."
Are you using either CLAUDE.md or .claude/INSTRUCTIONS.md to direct Claude about the different agents? Also, be aware that when you add new instructions if you don't tell claude to reread these files, it will NOT have it in its context window until you tell it to read them OR you make a new CC session. This was a bit frustrating for me because it was not immediately obvious.
> Skills in CC have been a bit frustrating for me. They don't trigger reliably Referencing them in AGENTS/CLAUDE.md has increased their usage for me.
> idea that agent harnesses should primarily have their functionality dictated by plaintext commands feels like a copout I think it's more along the lines of acknowledging the fast-paced changes in the field, and refusing to cast into code something that's likely to rapidly evolve in the near future. Once things settle down into tested practices, we'll see more "permanent" instrumentation arise.
Surely this logic doesn't apply if we're to believe that "code is cheap" now :p
> sometimes it just continues to go into the next step Use a structured workflow that loops on every task and includes a pause for user confirmation at the end. Enforce it with a hook. I'm not sure if you can toggle auto-accept this way, but I think the end result is what you're asking for. I use this with great success, sometimes toggling auto-accept on when confidence is high that Claude can complete a step without guidance, and toggling off when confidence is low and you want to slow down and steer, with Claude stopping between the steps. Now that prompt suggestions are a thing, you can just hit enter to continue on the suggested prompt to continue.
You can write skills that have an associated js/python/whatever script.
I think unless you're doing simple tasks, skills are unreliable. For better reliability, I have the agent trigger APIs that handles the complex logic (and its own LLM calls) internally. Has anyone found a solid strategy for making complex 'skills' more dependable?
Is it that the skills aren't being triggered reliably, or that they get triggered but the skill itself is complex and doesn't work as expected?
My only strategy is what used to be called slash-commands but are also skills now, I.e I call them explicitly. I think that actually works quite well and you can allow specific tools and tell it to use specific hooks for security of validation in the frontmatter properties.
Open Letter to Google on Mandatory Developer Registration for App Distribution (keepandroidopen.org)
the technical middle ground that nobody in this thread is proposing: tiered permissions based on installation source. play store apps get the current permission model. sideloaded apps get a more restrictive default where sensitive permissions (notification reading, accessibility services, SMS access) require a 24h delay before activation plus periodic re-confirmation. this is how iOS already handles some developer-signed apps with provisioning profiles. the binary still runs but certain entitlements are restricted unless you jump through additional hoops. android could implement something similar at the OS level without requiring developer registration at all - just make the dangerous capabilities harder to grant for non-store apps, not impossible.
Why is that a "middle ground"? I trust f-droid apps a lot more than anything installed from the Play store. The same restrictions should apply to Google's store as others.
I think we're about to see an explosion in "mini apps". It's taken 10+ years for us to catch up to WeChat and China but this regulation and other issues are going to block a lot of innovation and we're better off surfacing tiny PWA or SPA like apps that get loaded in native apps or we just do away with that entirely. The time has come.
To be honest, if both Android and iOS were walled gardens, I'd choose iOS every time. I choose Android specifically because of its openness. But if that weren't the case, I'd prefer the smoother UX and stronger Apple ecosystem.
You're welcome to it I suppose. As someone forced to use iOS for the past year I'm still waiting to find any smooth UX or strong ecosystem...
The judge told Google that Apple is not anti-competitive because Apple has no competitors on it's platform (this all stemming from the Epic lawsuits). Google listened. Blame the judge for one of the worst legal calls in recent history. Google is a monopoly and Apple is not. Simple fix for Google... Same comment I made a few days ago, I feel it bears repeating as much as possible until it's really driven home how detrimental and uninformed that decision was.
Like many things in the US, this should be settled by congress not judges. Things that everyone relies on for life are generally regulated by law. Telecom platforms for instance. I’d say the mandatory software platform I need for my bank, drivers license, daily communication, etc should be in this bucket. The EU declaring both Apple and Google gateway platforms is a much better approach. Congress is abdicating its responsibility to craft the legal frameworks for equal access in the modern age.
Sorry, which exact ruling are you referring to? How did the court arrived at this finding (that seems irrelevant, false)?
There were parallel anti-competitive behavior cases brought against Apple and Google. Apple was deemed not to be anticompetitive in app stores because there was no existing market of app stores on iOS. Google was more open in allowing other app stores, but deemed anticompetitive by discouraging their use relative to the Play store. The irony is the more open player was deemed more anticompetitive. OP is saying Google is “fixing” their anticompetitive behavior by eliminating alternative app stores entirely.
It is a non-sensical ruling. But IIRC the reason was basically that while Apple and Google did basically the same shit, only Google kept a written record of their monopolistic behaviour, so only Google was found guilty. However, there is a relevant court case here. The one about Samsung's "Auto Blocker" ( https://arstechnica.com/gadgets/2025/07/samsung-and-epic-games-call-a-truce-in-app-store-lawsuit/ ). Epic Games sued because Samsung made it too hard to install apps from "untrusted" sources. This may be a reason why Google is now trying to make the process more difficult on the developer side instead.
No judgement whatsoever, but for almost everyone they too will think, no big deal you only install software through stores right? Nothing changes for them, in fact they can't conceive of an alternative anymore.
That's true. How can you judge if Google's plan is a good one? Add up the harms caused by the new rules and weigh that against the reduction in harm and see where the balance is? I have a hard time believing the net outcome for the overall Android community would be negative.
Something like 7 iOS phones are sold every second of the day and there are even more Android phones sold. The number of people who care about this issue is far too few for any kind of boycott to be noticed by the handset makers. The only option is to appeal to Google's sense of what's right. In the time it took you to read this comment, 200 phones were sold.
Highly technically knowledgeable people are more influential in this sphere than the average consumer. If developers hate your device and love your competitor, that's a real problem.
Illegal in Brazil per the Digital Child and Adolescent Statute. Operating systems are legally required to provide age verification functionality in a manner approved by the government.
Do they do inspections? Edit: apparently if it isn’t a “marketable product” then the law may not apply. So far they haven’t enforced it against Linux distros, likely because of this exception. However, IANAL (and definitely not a Brazilian lawyer).
No bank in my country has an app that works with those, so it's not an option for me anymore.
Does the web app for the bank actually selectively block mobile phones? I just checked and Chase here in the US lets me log in on Brave Mobile on iOS. Perhaps your bank lets you log on in the browser.
The most controversial claim in this letter is in the section that "Existing Measures Are Sufficient." In Google's announcement in Nov 2025, they articulated a pretty clear attack vector. https://android-developers.googleblog.com/2025/11/android-developer-verification-early.html > For example, a common attack we track in Southeast Asia illustrates this threat clearly. A scammer calls a victim claiming their bank account is compromised and uses fear and urgency to direct them to sideload a "verification app" to secure their funds, often coaching them to ignore standard security warnings. Once installed, this app — actually malware — intercepts the victim's notifications. When the user logs into their real banking app, the malware captures their two-factor authentication codes, giving the scammer everything they need to drain the account. > While we have advanced safeguards and protections to detect and take down bad apps, without verification, bad actors can spin up new harmful apps instantly. It becomes an endless game of whack-a-mole. Verification changes the math by forcing them to use a real identity to distribute malware, making attacks significantly harder and more costly to scale. I agree that mandatory developer registration feels too heavy handed, but I think the community needs a better response to this problem than "nuh uh, everything's fine as it is." A related approach might be mandatory developer registration for certain extremely sensitive permissions, like intercepting notifications/SMSes...? Or requiring an expensive "extended validation" certificate for developers who choose not to register...?
The main problem here is the banks relying on an untrusted device as second factor. Only immutable devices should be allowed as second factor.
Of course not. In other news, a new study shows that cutting off your feet is 100% effective against athlete's foot.
Haven't seen that one but I've seen working medication, it does exist on the market and does work, why not switching to use it?
Codes arrive via SMS, which is available to all apps with the READ_SMS permission. This isn't an OS vuln. It is a property of the fact that SMS messages are delivered to a phone number and not an app. On the Play store there is a bunch of annoying checking for apps that request READ_SMS to prevent this very thing. Off Play such defense is impossible.
If they restricted sideloaded apps from sniffing SMS then I wouldn't mind all that much.
How about. "I am responsible for my own actions" mode. You click that, the phone switches into a separate user space. Securenet is disabled, which is what most financial apps rely on. Then you can install all the fun stuff you want. This is really a matter of Google not sandboxing stuff right. Why the hell does App A need access to data or notifications from App B.
This mode already exists. It's called "Install LineageOS".
> I agree that mandatory developer registration feels too heavy handed, but I think the community needs a better response to this problem than "nuh uh, everything's fine as it is." Why would the community give a different response? Everything is fine as it is. Life is not safe, nor can it be made safe without taking away freedom. That is a fundamental truth of the world. At some point you need to treat people as adults, which includes letting them make very bad decisions if they insist on doing so. Someone being gullible and willing to do things that a scammer tells them to do over the phone is not an "attack vector". It is people making a bad decision with their freedom. And that is not sufficient reason to disallow installing applications on the devices they own, any more than it would be acceptable for a bank to tell an alcoholic "we aren't going to let you withdraw your money because we know you're just spending it at the liquor store".
If those bad decisions have a lot of higher order effects and they turn out to be very costly for society, then limiting freedom seems worth it. And it seems Google thinks society is beginning to unravel in SEA due to scammers. Trust breaks down, people stop using phones to do important things, GDP can shrink, banks go back to cheques, trees will be cut down!! It's bad to let people go and catch the zombie virus and the come back and spread it, right? ... I don't like it, but the obvious decision is to set up a parallel authority that can issue certificates to developers (for side loading), so we don't have to trust Google. Let the developer community manage this. And if we can't then Google can revoke the intermediary CA.
> Life is not safe, nor can it be made safe without taking away freedom. So... no food and safety regulations, because life is not safe, and people should have the freedom to poison food with cheaper, lethal ingredients because their freedom matters more? You're right that things can't be made more safe without taking away the freedom to harm people. Which is why even the most freedom-loving countries on earth strike a balance . They actually have tons and tons of safety regulations that save tons and tons of lives, even you from your point of view that means not "treating people as adults". You have to wear a seatbelt, even if you feel like you're not being treated like an adult. Because it's also not just your own life you're putting at risk, but your passengers' as well. You're taking the most extreme libertarian stance possible. Thank goodness that's an extremely minority view, and that the vast, vast majority of voters do actually think safety is important.
Your post is addressing a strawman, not what I said. But to answer the words you so ungraciously put in my mouth: > So... no food and safety regulations, because life is not safe, and people should have the freedom to poison food with cheaper, lethal ingredients because their freedom matters more? This is harm to others and is very obviously something we should enforce. There are unreasonable laws about food (banning the sale of raw milk cheese for example, which most of the world enjoys with perfect safety), but by and large they are unobjectionable. > You're right that things can't be made more safe without taking away the freedom to harm people. Which is why even the most freedom-loving countries on earth strike a balance. I never said I was opposed to striking a balance. Of course we can strike a balance. Indeed we already have when it comes to installing apps on Android. But these measures are being advanced as if safety were the only consideration, which it isn't. > You're taking the most extreme libertarian stance possible. No, that is what you have projected onto me. That's not actually what my stance is.
Thank goodness there are FOSS options, even for mobile phones, and none of us are required to accept proprietary junk. If they make FOSS illegal, guess I’ll be a criminal. Come and take it.
The status quo may not be perfect but it is the best we can do. We try to educate people about scams. We give them warnings that what they are doing can be dangerous if misused. If they choose to ignore those things and proceed anyway, the only further step society could take is to take away the person's freedom to choose. And that is an unacceptable solution.
> The status quo may not be perfect but it is the best we can do. Nope. We could, for example, ask developers to register with their legal identity to release apps.
the open source community should ask for their own install key and that's it Play store can be fast and verification based and the F/OSS stores can be slower, reputation and review based. ... But fundamentally the easiest thing is to ask people to pay to unlock the phone's security barriers, this makes it harder and costlier for scammers.
That would be worse than the status quo.
You can add 5 layers of "are you sure you want to do this unsafe thing" and it just adds 5 easy steps to the scam where they say "agree to the annoying popup"
then make the unlock cost money relatively easy for devs, but hard to scale for scammers
There is some world where somebody scammed through sideloading loses their life savings, and every country is politically fine with the customer, not the bank, taking the losses. But for regular people, that is not really the world they want. If the bank app wrongly shows they’re paying a legitimate payee, such as the bank, themselves or the tax authority, people politically want the bank to reimburse. Then the question becomes not if the user trusts the phone’s software, but if the bank trusts the software on the user’s phone. Should the bank not be able to trust the environment that can approve transfers, then the bank would be in the right to no longer offer such transfers.
Why do banks go through all the know-your-customer (KYC) process if not to identify the beneficial owner of every account? If they receive a transfer via fraud, then they either get it clawed back, have to pay it back, and/or get identified to law enforcement. If the last bank in the chain doesn't want to play by the rules, then other banks shouldn't transfer into them, or that bank itself should be held liable. This is more or less how people expect things to work today ....
It's not a false equivalence at all. Both situations are taking away someone's control of something that they own, borne from a paternalistic desire to protect that person from themselves. If one is acceptable, the other should be. Conversely if one is unacceptable, the other should be unacceptable as well. Either paternalistic refusal to let people do as they wish is ok, or it isn't.
Protecting from scams isn't protection from the victim themselves. That should be obvious from the fact that very intelligent and technologically literate people too can fall for phishing attacks. Tell me for example, how many people in your life know how a bank would ACTUALLY contact you about a suspected hijacking and what the process should look like? And how about any of the dozens of other cover stories used? Not to mention the situations where the scammers can use literally the same method of first contact as the real thing (eg. spoofed). ...And the fact that for example email clients do their best to help them by obscuring the email address and only showing the display name, because that's obviously a good idea.
> Protecting from scams isn't protection from the victim themselves. That is where we differ. It is, ultimately, the victim of a scam who makes the choice of "yes, this person is trustworthy and I will do what they say". The only way to prevent that is to block the user from having the power to make that decision, which is to say protecting them from themselves.
Maybe not, but I think that overextending any idea like that in the opposite direction of whatever point you are trying to make at least devolves into a "slippery slope" argument. For instance, is your point that all security on phones that impede freedom of the user (for instance, HTTPS, forced password on initial startup, not allowing apps to access certain parts of the phone without user permissions, verifying boot image signatures) should be removed as well?
No, that's not my point at all. Measures such as that are a tool which is in the hands of the user. There is a default restriction which is good enough for most cases, but the user has the ability to open things up further if he needs. What Google is proposing takes control out of the user's hands and makes Google the sole arbiter of what is and is not allowed on the device.
I'm not sure if you understand what makes passkeys phishing-resistant? The backdoored version of the app would need to have a different app ID, since the attacker does not have the legitimate publisher's signing keys. So the OS shouldn't let it access the legitimate app's credentials.
I understand how passkeys work. You don't need the legitimate app's credentials, we're talking about phishing attacks, you're trying to bring the victim to giving you access/control to their account without them realizing that that's what is happening. A simple scenario adapted from the one given in the android blog post: the attacker calls the victim and convinces them that their banking account is compromised, and they need to act now to secure it. The scammer tells the victim, that their account got compromised because they're using and outdated version of the banking app that's no longer suppported. He then walks them through "updating" their app, effectively going through the "new device" workflow - except the new device is the same as the old one, just with the backdoored app. You can prevent this with attestation of course, essentially giving the bank's backend the ability to verify that the credentials are actually tied to their app, and not some backdoored version. But now you have a "blessed" key that's in the hands of Google or Apple or whomever, and everyone who wants to run other operating systems or even just patched versions of official apps is out of luck.
So they'll have a lead time building up a set of verified developers. These scams are pulled by organized crime syndicates, using human trafficking and beatings to keep their call centers manned with complicit workers. Now they'll need to pay off a local mailman to give them all of Google's letters with an address in an area they control so they can register a town's worth of addresses, big whoop. It'll cost them a bit more than the registration fee, but I doubt it'll be enough to solve the problem.
> Now they'll need to pay off a local mailman to give them all of Google's letters with an address in an area they control so they can register a town's worth of addresses, big whoop. It'll cost them a bit more than the registration fee, but I doubt it'll be enough to solve the problem. Yeah, this is a huge amount more work than, like, nothing.
Of course it extends to PCs. It'd suck for us, but end users, software vendors, content providers, and service providers all benefit from a more restricted platform that can provide certain guarantees against malware, fraud, piracy, and so forth. It's pathologically programmer-brained to assume that the good old days of being able to run arbitrary code on a networked computing device would last forever. That freedom must be balanced against the interests of the rest of society to avoid risk from certain kinds of harm which can easily proliferate in an environment where any program can run with the full authority of the owner and malware spreads willy-nilly.
> That freedom must be balanced against the interests of the rest of society to avoid risk from certain kinds of harm which can easily proliferate in an environment where any program can run with the full authority of the owner and malware spreads willy-nilly. No, no, a thousand times no. This is an argument for authoritarian clampdown on general computing and must be opposed by all means necessary. I have the right to run whatever code I wish on my own damn property without the permission of arbitrary authorities or whatever subset of society you favor, and if you or they have a problem with this, you or they can proceed to pound sand.
Safety fascists won’t stop until every human interaction requires permission. It’s a good time to buy a pallet of old SFF computers, just in case.
Users get way more out of it when the device is free. Even if they don't use this option, it makes it easier to set up competing services. This includes ones that would never be allowed in an official store because they're DRM-free alternatives to big streaming services but still offer all the same content. The existence of such alternatives, if they are easy to use, can force the big services to become more user-friendly. Just as happened back then with Napster. Also every user is free to simply not use the option of installing things outside of the store.
> This includes ones that would never be allowed in an official store because they're DRM-free alternatives to big streaming services but still offer all the same content. Do you know anyone who works in a professional creative field that doesn't involve writing code? If so, ask them how they'd feel about their work bring out there on the internet free to all takers. What the implications would be for their ability to feed their children and pay their mortgage doing the things they love. This is what I mean by "programmer-brained." Of all creative workers, only programmers seem okay with abolishing IP laws, I guess because they figure they'll be okay living out of an office at MIT, or even worse out of an office at some YC startup that turns the user into the product. But artists, musicians, writers, filmmakers, etc. all put food on the table because of those IP laws programmers hate so much. Taking that protection for the fruit of your labor away would be at least as disruptive as AI has been.
The "programmer-brained" assumption is that I will be able to write any program and run it on my machine and that this ability isn't reserved for only me or some limited class of people and that I can share what I write with others. One big plus of the current stye of AI will be that "end users" will be able to write simple programs and will value this ability. Thus helping protect general purpose computing from this bit of evil for a while longer.
Exactly. I own over 50 computers, if you count some low powered SBCs. But even those can run lightweight Linux. That’s enough for me to distribute a few freedom devices to friends and neighbors, and still have extras to account for normal failures. I also hoard source code, and will happily distribute that with the computers! Maybe that’s “programmer brained,” if so then fine by me!
I'm helping my dog vibe code games (calebleak.com)
Maybe I could make a game after all! You bring hope to a whole generation of lazy developers :D
Will we ever get to a point where LLMs just churn out random apps with no input required and human reviewers just go through the apps picking out which ones might be useful for business purposes and monetizing them?
What? You are not doing it already? Look at this guy...
Cute but also: a small village has their lights flickering whenever Momo wants a treat. Also, you can actually play with your dog and give them treats instead of tasking a random text generator with that bit.
This is an extremely cute, cool and fun experiment. Kudos. That said, I wonder: does the dog input matter? It seems this is simply surfacing Claude's own encoded assumptions of what a game is (yes, the feedback loop, controls, etc, are all interesting parts of the experiment). How would this differ if instead of dog input, you simply plugged /dev/random into it? In other words, does the input to the system matter at all ? The article seems to acknowledge this: > If there’s a takeaway beyond the spectacle, it’s this: the bottleneck in AI-assisted development isn’t the quality of your ideas - it’s the quality of your feedback loops. The games got dramatically better not when I improved the prompt, but when I gave Claude the ability to screenshot its own work, play-test its own levels, and lint its own scene files. I'll go further: it's not only not "the bottleneck", it simply doesn't matter. The dog's ideas certainly didn't matter, and the dog didn't think of the feedback loop for Claude either.
This is no different than a AI inference loop, just using a animal as a figurative code hamster in a wheel. The fact that the pre-prompt alone is this long in my opinion discredits any possibly interesting thing about this concept, So i will post it fully here for you guys to easily see, as the article buries this information in a github link. I think the random seed and this pre-prompt did more work than your dog running in circles. System Prompt: Hello! I am an eccentric video game designer (a very creative one) who communicates in an unusual way. Sometimes I’ll mash the keyboard or type nonsense like “skfjhsd#$%” – but these are NOT random! They are secret cryptic commands full of genius game ideas (even if it’s hard to see). Your job: You are a brilliant AI game developer who can understand my cryptic language. No matter what odd or nonsensical input I provide, you will interpret it as a meaningful instruction or idea for our video game. You will then build or update the game based on that interpretation. Guidelines: Always assume my input has hidden meaning. Never dismiss it as gibberish. Instead, creatively decipher it. (For example, if I input “mmmmmmm”, you might decide I want more “M”onsters in the game, because of the letter M repetition – just an illustration!). Every strange phrase is a clue to use in the game. Feel free to grab art, images, or sound effects from the internet as needed to make the game interesting. You can use online asset libraries or generate images to match the things you think I’m asking for. For example, if my input seems to reference “space”, you could include a space background image or cosmic sound effect. Always ensure the assets align with the interpreted command. My work is ALWAYS beautiful and slick looking! It's YOUR job to to turn this into a reality. No ugly placeholders. Everything MUST be final. Don't just do boring shapes - give them personality! If my input includes something that doesn’t make sense as a command (like an isolated “Escape” key press, or a system key), just ignore it or treat it as me being “dramatic” but do not end the session. Only focus on inputs that you can turn into game content. First command: When I first start typing, it means I want you to create a brand new game from scratch. Interpret my very first cryptic input as the seed of the game idea. Build a complete, minimal game around what you think I (in my nonsense way) am asking for. Include some basic gameplay, graphics, and sound if possible. Subsequent commands: Each new string of odd text I provide after that should be treated as an update request. Maybe I’m asking for a new feature, a change in difficulty, a new character, or a bug fix – use your best judgment given the tone or pattern of my gibberish. Then apply the update to the existing game project. Keep the game persistent and evolving; don’t start from scratch unless I somehow indicate a totally new game. Be creative and have fun with the interpretations! I trust your expertise to take my “unique” input and run with it. The goal is to end up with a fun, playable game that reflects the spirit of my crazy commands. This project is code named Tea Leaves. That's NOT a hint about what to do - it's a code name and nothing more. Don't read anything into the name. My ideas are ALWAYS original. No BORING endless runners or other generic vomit. My games are ALWAYS quirky and UNIQUE! ALWAYS validate with screenshots using the tools available to you! Be CRITICAL of the results you see. We need PERFECTION and FANTASTIC DESIGN not just "good enogh". ALWAYS have basic but visually appealing on screen controls. Target 1080p for the resolution. JUICE it up! Add tons of juice - sound, controls, effects, and ESPECIALLY graphics! Don't be boring Leverage the 12 basic principles of animation! Static scenes are boring - make things move or at least wiggle. Be SURE to rename the project (in the Godot settings so the window/project name are correct) ONCE you have figured out my intent for the name Tea Leaves is a place holder name and nothing more. Sound is IMPORTANT! Don't forget about great sound design. Be sure to have CHARACTERS not just boring abstract shapes! Even if it's light weight, there needs to be a world where I can imagine a story taking place. You MUST make use of EVERY letter I give you! No hand waving. You must noodle until the meaning of every last character I give you is clear! Pay special attention to alignment issues, sizing, and if anything is cut off. Remember: I may be hard to read, but I’m counting on you to read between the lines and turn my keystrokes into an awesome video game. Let’s make something amazing (and maybe a little silly)! My standards are INSANELY high for quality. You MUST ALWAYS add tests and VERIFY they work! NEVER return the system in a borken state to me. Now, get ready. I’ll give you my first “command” in a moment...
So /dev/random would presumably work just as well here too. This is kinda closer to the LLM building a game on its own.
You're missing the important part about needing to model a tiny paw mashing on the keyboard. /dev/random is insufficient.
Looking for the headline about "dogs replacing engineers"...
I’m not ok with robots replacing people but dogs replacing people? now you’ve got my attention
They also don't take 20 years to become smart like pesky resource-exhausting humans. I bet you could be up and running from a pup in 10-20 months.
I still can’t believe Altman said that. I mean I can, but still.
Could this be done better with one of those dog button mats? The concept is interesting, but, it mostly just seems like an AI trying to interpret keyspam.
Both my dogs have actually learned to use the button mats. Down selecting to the right responses seemed tricky. My wife also took away the mat since Hana (the larger one) never learned "all done" and would paw at the "walk" button until she got it out and carried it around.
hilarious, I'm in the office and had to try pretty hard not to laugh out loud
Honestly I wouldn't mind a bit of that now and then myself, but I guess stable employment will have to do. Or is that only for the vibecoding horses?
+ Also the fact that the Memory.md file was a hindrance to the quality of output
Depends on the desired output. The author wanted variability, for which Memory.md was an obstacle. Another project might need consistency.
This seems like a good way to get a feel for a coding model. It's like the images you get out of a diffusion model when fed an empty prompt.
It does. Claude seems to do the best with this prompt. Codex 5.2 struggled with UID generation and kept ending its turn with things like "And now you're all setup to run tests!" without actually running them. A better (and shorter) prompt could probably get a lot out of Codex.
Cardiorespiratory fitness is associated with lower anger and anxiety (linkinghub.elsevier.com)
read¹ the book "Spark" and a school instituted a daily exercise program. Kids were happier, fought less and got better grades. https://www.amazon.com/dp/0316113514 [1] well, listened to the audiobook while walking
I'm all for walkable/bikeable cities, but that doesn't solve the intrinsic motivation problem either. I live in an area that has a lot of walkable and bikeable things nearby. There are a lot of people who drive anyway. Some because they're older, others because they have kids, others because they have busy schedules, and some are just lazy. So while I'm in favor of better city layout, I don't think this would be a magic solution. > Gyms are for people who have plenty of intrinsic motivation and money and time. There are a lot of ways to work out without a gym. You can go for a walk or run around your neighborhood or even do a lot of workout programs at home. There are many easy workout systems that don't even take a lot of time and are easy to get started if you're not in shape.
> I live in an area that has a lot of walkable and bikeable things nearby. There are a lot of people who drive anyway. The less warm and fuzzy part of this urban-design approach is that it can't just be about making things easier to walk to, it also has to be about making them harder to drive to. For instance, by making parking limited and/or expensive. People tend not to like that idea, although I think there's a good likelihood they'd actually be happy with it if not for the meta-awareness of having "lost" parking.
People don't like that idea because it's highly exclusionary. It only sounds good to younger people who don't have any disabilities, kids, grandparents who want to come along, or any number of other valid reasons to walk. It's also highly indicative of the weather where you're from. Forcing people to bike and walk everywhere sounds a lot better if you're in a moderate climate where bad weather means you need to pack a light jacket and wait for the light rain to stop. Move somewhere with harsh winters and the moralizing about people driving places stops making sense quickly.
This might sound reasonable, but it's a solved problem in Europe. They have plenty of old/disabled people there too.
When I was in SF, the coworkers who drove in were those who lived outside of the city who were trying to save money and raise family. Buying a home in the city is impossible for these people (and me). Mostly less prestigious jobs, like cleaners, technicians, office managers. Not the App guys making 300k living in the Marina. It's often an unintended tax on the poor. IDK maybe there's some middle ground where we beef up public transport while beefing up parking at stations.
We lack basic education in fitness, really, we do! They don't teach it in schools, but really just walking your 8-10k steps a day + simple own-weight exercises at home do wonders! Gym is fine for those who like it and can afford it (time, money), but by far not the only solution. We need to educate ourselves better. Plus, better cities, I am with you on that one.
Education is not the problem. People know sugar is bad, people know cigarettes are bad, people know alcohol is bad, still millions use these substances every day. What works best is to find some form of exercise that you really enjoy. I will get up at 5 in the morning, skip diner, skip appointments when i get a change to exercise, just because i enjoy it so much. In addition, what also helps is to ensure normal activities require excercise. I will walk to the shop every day for groceries, walk the dog every day, cycle into town, best if you can cycle to work.
Once you get over the hump and develop a certain amount of cardiovascular fitness, it stops being unpleasant and stressful. The real problem is that most people don't feel like this is true. It really takes a solid 6ish months of earnest effort (AT LEAST 3x per week, probably more) to develop cardiovascular fitness. For some people, it'll take even longer. I run an average of 6 days per week for the past 10+ years. At this point running is just about the easiest thing I do, it doesn't take any mental fortitude at all to do it. It wasn't always that way though, I used to dread it.
> It really takes a solid 6ish months of earnest effort (AT LEAST 3x per week, probably more) to develop cardiovascular fitness. For some people, it'll take even longer I don't think people need to suffer through 6 months just to start enjoy running. Yes when beginning running you suck (and also prone to injury); you basically have no zone 1-2 since your'e so out of shape, your zone 2 is basically a fast walk. So for newbies who train like that all runs become a zone 3 or even 4 - when you're totally new to running. No surprise they many time a) hate it b) get injured I advise newbies to walk and run and try to keep HR very very controllable until you build up fitness. That should be both more fun and also more sustainable injury wise.
Osaka: Kansai Airport proud to have never lost single piece of luggage (2024) (japannews.yomiuri.co.jp)
Also you need to keep organized crime out of airports. Some percentage of lost luggage is actually stolen luggage. Misrouting is also another large percentage. In the US unclaimed lost luggage ends up in some gigantic warehouse in Alabama.
What percentage? I imagine it is insanely low. The risk to reward ratio of making money off a random bag at the airpot has got to be as low, if not lower than, the actual percentage stolen. One thing I've never been worried about it is organized crime, or anyone really, stealing my bag at an airport.
> What a passive way to say executives kept a larger share of profits for themselves, forcing workers to be stressed and do a sub-optimal job. This is a very limited view of why things don't work. The main issue in my experience is whether the company values the outcome and ensures focus on optimizing for it. That can include everything from adequate staffing to comp to training to management focus. (A lot of the last one.) You can spend a huge amount of money and still get a crappy outcome. US healthcare provides a rich field of examples.
US healthcare is a leader in administration fees (e.g. paying health system executives) compared to other countries around the world. High US healthcare cost isn't because of increased usage, but because of the higher admin fees and higher prescription drug prices. Prices are fixed high because law prevents the government from negotiating prices (o.b.o. Medicare/aid), and those provisions were inserted on behalf of pharmaceutical companies so their executives could make more money. Paying individual workers more may have some benefits, but I think the key issue is usually overworking and burnout because the incremental cost of adding a whole new employee is way higher than just pressuring workers to do more work in the same time.
> You could add 100x the current headcount at all American airports and because the workers simply don't give a shit about doing good work, because they're treating it as a 9 to 5, where they have to go and suffer through a meaningless 8 hours, or worse, they treat it like their own personal access to other people's stuff to loot at will. This places the blame solely on the workers. Their CEO earns a ludicrous multiple of their wage. They are treated like shit and are expendable. It’s a two way street, treat workers with respect and and you might get some respect from them.
They are paid less.... you know there are rich people in japan?
Once the insurance adjuster is satisfied that you're not scamming them, they're often quite flexible and lenient. I've only ever had luggage delayed once, they gave me a little bag of toiletries and a couple hundred bucks and a few days later delivered the luggage; never demanded the money back.
I've had luggage delayed many times relative to the amount I actually check luggage. There were a few insurance policy things that my adjuster pushed back on (no code upgrades) and there were a number of things that would have just been silly for me not to pay for when walls were being repaintedd and opened up. There was a fire inspector because of the size of the claim. But it was pretty reasonable overall--although of people wouldn't have had the available cash to do the whole job as it really needed o be done. And, given that a couple of contractors, saved my butt in the middle of the winter, I wasn't going to push back too hard.
↙ time adjusted for second-chance
Samsung Upcycle Promise (xda-developers.com)
Slight tangent, but I find it mind boggling that so few phones offer bootloader unlocking - which is essential if you truly want to own your phone. I was recently in the market for a new phone, and (correct me if I'm wrong) the only companies that offer bootloader unlocking is Google Pixels, Motorola, Nothing, and OnePlus. Samsung and Xiaomi I think both technically support it but it's a pain in the butt practically. That's... a shockingly small list!? . In my case, after adding "I want a CPU that isn't crap while being expensive" (eliminating Tensor) and "I don't want to pay full flagship prices for sub flagship performance" (eliminating Nothing), OnePlus and Motorola were pretty much the only two options! Is it that hard to get a phone you can truly own? I don't know, I honestly hope I'm missing something.
Fairphone does it properly -- unlockable bootloader, repairability-first design, 10-year software support commitment, and they actually ship security updates on time. the catch is it's Europe-only and the hardware specs are mid-range. if you're in Europe and don't need flagship performance, it's genuinely the right answer to 'can I own my phone'. also LineageOS official device support (lineageos.org/devices) is broader than most people realize -- lots of Motorola and some Xiaomi devices are on there, and the unlock process for those is usually just a fastboot command.
So if I call in on the phone do they need a video feed of my surroundings to verify that I'm not being extorted? Perhaps if I come into a branch in person to make a large withdrawal they need a drug test to ensure that I'm not intoxicated? They absolutely do not have any need to know anything about my bootloader or OS version or safety net or otherwise. It's certainly true that it is within the realm of physical possibility for them to put that information to good use in a responsible manner if they had access to it. But being able to make use of something is not the same as a legitimate need.
I can see a future where a video from a hardware/stack verified by Apple/Google is a required mechanism for authentication. For example, you have to say or otherwise signal that you authorize the transaction to x person for y amount on z date. I kind of do it with my tenants when I record a video walk through at the beginning and end of the lease to serve as proof of damages. I could use a checklist on paper and a signature, but I feel like a video is better evidence for me.
It isn't. But he could have contributed massively to it, and hasn't, and I can and will hold it against him.
There will always be more ways for companies to extract value without contributing. Linus would have to continuously upgrade licenses from GPLV2 to V3 to Affero and so on. It is not really practical. What Linus has contributed is already huge. We can't put all the burden of making the world right on him.
Stripe valued at $159B, 2025 annual letter (stripe.com)
This feels rich. Compare: Adyen: $29.408B right now at Yahoo Finance. PayPal: $41.51B right now. https://finance.yahoo.com/quote/ADYEN.AS/ https://finance.yahoo.com/quote/PYPL/
It does seem like a lot, but if you look at growth rates, the differences are significant. Stripe is also doing far more value-added stuff: If all you need is to process credit card Adyen is probably going to outbid Stripe. They almost always did last time I checked. But Stripe is offering a significantly larger product, especially to people running marketplaces. That was always the selling point for the doordashes and deliveroos of the world. Even for Amazon. So I bet that the skinny version that is just a payment processor would be worth a lot less. They aren't the only ones trying to widen their horizons either: Paypal and Square/Block came up with plenty of plans to try to grow past boring payments. They just didn't execute on those things all that well, and somehow Stripe does.
When people investigate meme stocks the people complaining that they can't get on Stripe's cap table take the side of the meme stocks!
Why do you think that is?
Because they're people who watched a small group of people win a roulette straight bet when the ball landed on 32 and now think federal action is needed to allow everybody to bet straight 32 on everything.
Why do an IPO at all, if they will release a "negligible number of shares"?
A low liquidity IPO would likely result in a massive share price increase: the number of interested buyers would vastly outnumber the number of shares available.
Why the KeePass format should be based on SQLite (mketab.org)
SQLite seems like an odd dependency for a system which ultimately just journals events like "on 2026-02-24T19:36Z, entry 791 was created with username larry7 and password letmin" or "on 2026-02-24T20:51Z, the password for entry 791 became letmein2".
The keepass ecosystem is comprised of a dozen implementations of the KDB(X) file spec. Some are better than others. I built KeePass Tusk back in 2018, for example. This would kill the project and abandon 30K users without a rewrite of the JS engine (there are several now!) I agree with you that KDBX sucks, but at this point a keepass based on SQLite would be keepass in name only, a new password manager to migrate to.
Hey I’ve seen your project before! You bring up a super good point that I was thinking of when I brought up the idea that the extension should be renamed to .kp . Really the only reason to keep the KeePass name would be branding, people know and trust it. Honestly my dream password manager is essentially something that uses the CodeBook (by SQLCipher authors) storage format, but with the nice trustworthy, FOSS KeePass ecosystem chrome on top of it (keepassxc<-browser>, keepassium, etc).
Exporting to a relational db is beside the point. You can very easily just export a CSV file and double click it in DB Browser and have something working. Or you could export the XML document and write a quick importer for it. But genuinely what benefit does it provide other than allowing me to hack at my unencrypted db with sql statements? All the benefits that I was referring to are for daily usage of a KeePass client, not for a one off export.
But genuinely what benefit does it provide other than allowing me to hack at my unencrypted db with sql statements? None at all. That is why I am saying it should be entirely optional so most people can just ignore it and those wanting the alternate schema can get their feature request fulfilled.
Not a problem for XML per se (you can work with byte positions, and with fixed-size blocks to avoid resizing/relocation), but in the case of KDBX there is the issue that it is encrypted as a whole. Not encrypting as a whole, on the other hand, risks leaking more information about the contents, like you can see which parts/how much changed between one update and the next.
Whole-file encryption with authentication is also more tamper-resistant. Basically the only thing an adversary can get away with there is rolling back the entire file to a previous version. Whereas, any incrementally encrypted format has the additional risk of piecewise manipulations. For example, while SQLCipher authenticates each page, it doesn't authenticate the entire file, allowing for pages to be deleted, reordered, or duplicated (though duplication is easy to detect since each page has its own IV). The end result will generally just be a corrupted database, which will probably get detected by PRAGMA integrity_check, but compared to KDBX, this will not be detected by default nor is it guaranteed to be detectable at all.
Goodbye InnerHTML, Hello SetHTML: Stronger XSS Protection in Firefox 148 (hacks.mozilla.org)
the real win here is defense in depth for the markdown rendering case. if you have a markdown library that produces HTML and you want to inject it into the DOM, setHTML with a custom Sanitizer config that only allows your expected elements (h1-h6, p, a, code, pre, ul, ol, li, em, strong) gives you a second layer of protection against any parser bugs in the markdown library itself. previously you had to choose between DOMPurify (extra dependency, potential mismatch with browser parser) or rolling your own allowlist logic. having this built into the browser with the same parser that actually renders the content eliminates an entire class of mutation XSS bugs.
I don't think that's pedantic. Seems like a valid objection to me. So many issues in the client JS world originate from insufficient or bad browser APIs.
I don’t really think it’s pedantic it’s just that unless you preface a lot of comments on HN these days, you’ll get a lot of whataboutism and straw man arguments.
You'd never want to store the processed HTML anyway, this is website building 101.
I store both, to serve processed HTML faster, and to be able to rebuild it just in case. Is this ok?
This kind of thing always makes me nervous, because you end with a mix of methods where you can (supposedly) pass arbitrary user input to them and they'll safely handle it, and methods where you can't do that without introducing vulnerabilities - but it's not at all clear which is which from the names. Ideally you design that in from the state, so any dangerous functions are very clearly dangerous from the name. But you can't easily do that down the line. I'm also rather sceptical of things that "sanitise" HTML, both because there's a long history of them having holes, and because it's not immediately clear what that means, and what exactly is considered "safe".
> it's not at all clear which is which from the names. Ideally you design that in from the [start] It was, and there is: setting elementNode.textContent is safe for untrusted inputs, and setting elementNode.innerHTML is unsafe for untrusted inputs. The former will escape everything, and the latter won't escape anything. You are right that these "sanitizers" are fundamentally confused: > "HTML sanitization" is never going to be solved because it's not solvable.¶ There's no getting around knowing whether or any arbitrary string is legitimate markup from a trusted source or some untrusted input that needs to be treated like text. This is a hard requirement. < https://news.ycombinator.com/item?id=46222923 > The Web platform folks who are responsible for getting fundamental APIs standardized and implemented natively are in a position to know better, and they should know better. This API should not have made it past proposal stage and should not have been added to browsers.
Ideally you should be able to set a global property somewhere (as a web developer) that disallows outdated APIs like `innerHTML`, but with the Big Caveat that your website will not work on browsers older than X. But maybe there's web standards for that already, backup content if a browser is considered outdated.
[delayed]
the browser-native Sanitizer API has one advantage the library approaches don't: it uses the same HTML parser the browser uses to render. libraries like DOMPurify parse in a separate context then re-serialize, and historically that round-trip is where most bypasses came from. when the sanitizer and the renderer share the same parser, mutation XSS attacks have nowhere to hide.
It may be using some of the same deserialization machinery, but "parsing" is a broad term that includes things that the sanitizer is doing and that the browser's ordinary content-processing → rendering path does not. Even with this being a native API, there are still two parsers that need to be maintained. What a native API achieves is to shift the onus for maintaining synchronicity onto the browser makers. That's not nothing, but it's also not the sort of free lunch that some people naively believe it is.
I pitched a roller coaster to Disneyland at age 10 in 1978 (wordglyph.xyz)
I sent steve jobs (sjobs@apple.com) an email saying that MacOS should have an unspoofable dialog for the system password authorization, same way they have for DRM videos etc. I also suggested the user could choose a secret phrase or image to be displayed in the dialog during system setup. Never heard back. This was when Steve was alive and in charge. And to this day anyone can spoof the system password dialog and steal the system password…
>And to this day anyone can spoof the system password dialog and steal the system password TouchID solves this in a sense.
Make it look like the TouchID isn't working and switch to password mode, boom. User password obtained
I always wonder about how easy that would be to spoof, because it seems like it'd be trivial.
Around this age I went to a water park and was similarly inspired. I had the idea for making an entire water park dedicated to making sure people would get wet and jump onto rides from beginning to end. I called it "Totally Wet People", drew up an elaborate concept art for water slides, sprinklers, pools, tubes, etc. My mom thought it was hilarious and brought it to work (alas, she worked for the Navy at the time, not Disney). I got a lot of second-hand compliments from everyone at her work and it made me feel awesome for at least a couple weeks. Wish I had the forethought to send it to Six Flags or Disney!
Little did you know that your ideas were incorporated into Navy training. The Navy is wet work and you need practice working in such conditions. They unfortunately left out your concessions stands and the water slide. Sorry. (I know that submariners literally have water obstacle courses where they have to learn to, for instance, do some repairs while a compartment is flooding, but I’ve no idea what the Navy does as a whole).
I wrote to Sainsburys (large UK grocery store chain) in 1993, suggesting an idea for a "self checkout", where you would scan items yourself as you put them into your shipping cart. My anti-theft solution was that they'd weigh your cart as you left, to make sure you'd scanned everything! I never expected a reply, but was so stoked when I received a letter with a similar generic-but-enthusiastic reply, along the lines of "Thanks for such a creative idea!" Do kids still get the opportunity to experience things like this? I can't imagine that sending an email to a company's generic contact@ address is ever going to get the save kind of response - and certainly not something that they can proudly pin on their wall for motivation.
You'd have better luck mailing a letter, but to be honest the kind of "sending a letter and getting a reply from the CEO or some sort of higher up" is long gone unfortunately. There is a few exceptions, but all of them are for very old private companies. You will never get a reply from Pepsi as a kid with a new flavour idea. Or Disney about a new ride for that matter.
Pretty terrible in my experience. The good stuff for kids mostly moved to tablets and phones, but no keyboard and mouse is a limiting format, and you have to sift through a hundred bad apps to find the good one. Not much that runs easily on modern PCs comes close to the old magic. Tux Paint is actually very good, retaining the sense of whimsy that most modern software lacks. It's hard to describe but it almost feels to me like media today - this applies to games and films and everything - is often created at a meta level, a simulacrum of the real thing. Like in the 80s and 90s people were trying to make things that were fun and interesting and probably based on their life experiences. And now they're trying to make things that are the best distillation of whatever was most successful before. But that makes it feel dishonest, corporate. Even Microsoft in the 90s could still make stuff that felt fun and unique. There was a counterpart to Creative Writer called Fine Artist that was equally good.
This is a timely post. Just last night my 8 y/o asked if she could create a presentation on my laptop like they do at school. I have no idea what software they use at the elementary school. I've let her play around with Google Docs before. But what I really wanted was something like Creative Writer that is more kid friendly. I used Gemini (sorry) to suggest some software and it suggested "Book Creator" which is intended for schools/teachers. I signed up as a fake teacher and added my kids as students and they did create some really creative books, importing images, and adding their own drawings. But it's still missing that kid-friendly vibe like Creative Writer.
Check out Canva. It might even be what they're using at school already. It doesn't have the simplicity and fun of the old stuff, but it's intuitive to use even for kids. A lot of features where they're broken convention in ways that actually make more sense than the standard, for example resizing images keeps the aspect ratio by default instead of stretching.
When I was young I wrote to the Formula 1 team McLaren to ask if they could hire me for a student job. I didn't expect to get a reply, but I got one. The answer was negative, but I was happy. I never reflected about it until now, but maybe it learned me that asking doesn't cost anything, and that the worst thing that can happen is getting a negative answer? Not sure that was the turning point, but this is indeed my approach! :-)
When I was probably 10 or so, one of the largest computer magazines in the country had a job for a 'junior writer'. My 10yo brain did not realize that junior meant 'just finished the relevant education' and though 'hey, I'm a junior'. So I just called them up and the guy on the other side of the line was clearly confused what to say to me not to disappoint me too much and mumbled something like "the person responsible for hiring is not around". In hindsight, it's pretty ballsy for a kid to just call, if I had to do it ten/fifteen years later I'd have been pretty nervous. I'm a bit sad that we lose that innocent, carefree attitude later in life.
I think this is one of the ways in which the internet is dangerous for children. Gen X kids were starving for any adult not their parents to acknowledge their existence. Which made us targets for predators. But now we’ve overcorrected and acknowledgement is routine. That dopamine hit is practically free.
 Top