Unlurker|Replay|About
Show HN: Skub – a sliding puzzle browser game (skub.app)
It's interesting, couple of things you can fix/change: 1. It's annoying to be asked to provide username every time I complete a level. Can you simply remember my previous choice? Instead something like next level button would be my preference. 2. Tab works until it stops working, it will switch between game elements and then at one point it will focus on buttons (firefox, windows).
1. interesting, I already have something in place for this, it should auto submit after the first time, storing an anonymous userId in cookies. might have been too lax on the browser testing. 2. tab is not a first-class citizen, so your milage may wary :)
On the game page, pressing the browser's back/forward buttons changes the game state instead of navigating between pages. It would be great if undo/redo had their own dedicated buttons, and the browser back/forward worked as normal page navigation (e.g. going back to the main menu).
There is dedicated undo/redo in the panel, but good call that it should probably replace in history on state change, not push
Oh, they were right there and I missed them. Fun game! :)
Yes, AI is intelligent. Prove me wrong (bertrandmeyer.com)
Yes, God is real. Prove me wrong.
Some hypotheses are simply badly posed and will not lead to fruitful scientific investigation. For example, it may be my hypothesis that modern computers work through the agency of evil demons. You could spend a lot of time trying discussing with me how this hypothesis could be put to the test empirically. But it may be that this is not a disagreement that scientific inquiry is likely to resolve. So too, I think, with "intelligence" or "consciousness". What people are actually concerned about is economic impact, and we can have a fruitful debate over economic impact without discussing "intelligence" or "consciousness".
Indeed. I happen to think it is also useful to discuss "intelligence" and "consciousness", but nevertheless think these things are unconnected to the economic impact.
ARM AGI CPU: Specs and SKUs (sbcwiki.com)
ARM naming a chip AGI is either the most confident product launch in history or the best marketing we have seen in years. Probably both.
Or for certain people, it makes them cringe a little whenever they see it..
Not sure how to feel about this. Does this mean ARM is slowly moving from just licensing IP to actually competing with companies building on top of it?
[dupe] https://news.ycombinator.com/item?id=47506251 (18 minutes older, 6 comments)
This is my condensed version for the SBCwiki documentation focused on the key facts without all the unnecessary marketing around it
This is substantially more useful than the marketing fluff in the press release. Probably would have made sense to post this in that thread though
This seems bad, doesn’t it? I already know that there has been friction between arm and their customers over higher licensing fees since the IPO just trying to put this in context.
I wonder what the people at Ampere are thinking right now
FCC has banned the import of all new foreign-made routers here's what you can do (blog.adafruit.com)
This would be so much less of a pain if decent wifi pcie cards were available. It's all a bunch of very expensive kind of dodgy Compex cards, used for industrial or prototype purposes. Be prepared to spend $300+ for a single 4x4 MIMO card. And then you want to go dual band right? Thankfully the MediaTek offerings are somewhat available and much much much cheaper, but reports are that driver quality is just absymal. Meanwhile the openwrt table of hardware for wifi 6 and wifi 7 is a bare trickle already, and inceasingly not consumer routers but SBC. Thanks for the FCC messing things up brutally already, back in 2015, with requirements to make sure users couldn't possibly do anything out of spec, requiring these systems to be locked down. They almost banned open source outright, but in practice it feels like the requirements are high enough that they practically did. https://toh.openwrt.org/?features=wifi_be https://arstechnica.com/information-technology/2016/03/tp-link-blocks-open-source-router-firmware-to-comply-with-new-fcc-rule/ Frelling FCC! What dastardly deeds done against civilization! We would be so much more secure & protected, the bar would be so much higher if open source / openwrt was allowed to compete. You messed everything up already!!
Why do they do this? One purpose for taxes is to shape behavior. If the behavior they wish for is to have more manufacturing in the US, you increase the taxes of outsourcing it. IOW, you make it more desirable to manufacture locally.
I guess EU will have to retaliate, and forbid any US based routers, for exactly the same kind of reasons
America is really becoming the shithole country...speed run. The amount of corruption taking place is absurd. lol
This will keep expanding until a lot of radio equipment is locked down. This is an obvious first move, but the fundamental problem is there's nothing stopping your hacked radio equipment from usefully spying on whoever is in range, to a degree that simply isn't appreciated even around here. It's also a quasi inevitable side effect of the push to encrypt all communication back to the cloud, since now it's too easy for malicious devices to hide what they're sending back. Back to wearing the tin foil hat in my faraday cage.
According to Tom’s Guide, there isn’t a single consumer router currently manufactured entirely in the USA. Effectively banning all consumer routers.
This is just the trump administration blocking companies unless they pay the danegeld. Thats what this is all about: government level blackmail.
https://shop.netgate.com
Is there good legal analysis on this? It seems to vastly overstep statutory authority.
I've been appreciating Legal Eagle and Democracy Docket, hopefully they'll do a segment on this.
It also seems to vastly conflate routers with so-called wireless routers.
This is the same thing they did to drones. It's corruption. It doesn't even make sense from an extreme isolationist point of view, because there's no path to create domestic manufacturing. I'm guessing the rest of this looks like drones, too: FCC approval is given only to American companies that bribe members of the administration, and they raise prices through the roof. The routers are still manufactured overseas and there's no improvement in security.
It's almost as if there's a global push to make Rest of World harder to reach, for everyone. Between "age verification" - ID - laws being rolled out across many countries, rocketing transport costs, ICE at airports, incredible inflation of RAM prices, and now catastrophic restrictions on routers, none of this is making Rest of World easier to access. Let's not forget Russia and Iran both clamped down hard on general Internet access, and Israel and some of the Gulf states have set up aggressive restrictions on live reporting. I think we're heading to a balkanised Internet at the absolute best.
Why is there no path? Surely it’s possible to do?
There absolutely is a path to domestic manufacturing. It might be long and hard, but it does exist. Source: My company manages logistics for dozens of US manufacturing companies.
Then it needs careful consideration and compromise. Ramming through a change is just another signal that they can't get anyone to agree to it.
In theory but the difficulty in practice is that if you were to invest in local manufacturing you'd have to be sure that someone else won't be given a waver via lobbying / corruption and will then be able to completely undercut you. The current US administration lacks the credibility to give such assurances. Given existing models are exempt you're better of just delaying new models while you wait for a new admin.
I don't think it follows that a Democrat administration would reverse this.
I'm not sure the democrats could give such assurances either. If domestic manufacturing is 2x as expensive that's a lot of money that could be spent on campaign donations and still break even.
At least that checks "death by hobby drone swarm" off my possible apocalypses list
Can't wait to see the price of the first US made home router. We [USA] really need a formal designation of trusted supply chain partners. Would improve security and make a useful bargaining chip.
It’ll probably get rolled into ISP’s available hardware because (I believe) most people just lease from their ISP anyway. We’ll just eat the cost regardless.
No one would trust a US made router for fears of backdoors. Even if they did manage to make one, the market would be minuscule for it.
but they trust routers from china?
Seems like now is as good a time as any for people who know how to do this to build their own routers with Pfsense, Opnsense, ClearOS, or one of the many other firewall/router distros out there. You can get an old desktop or laptop that's more than good enough to be a router for basically nothing (or sometimes literally nothing) on Craigslist or Ebay. I suspect pretty much anyone who frequents this forum could probably figure out how to do it with a YouTube tutorial. Routers are pretty dumb computers, so you don't need something top of the line. Even if you want higher speed than the ethernet port built into the computer, you can buy old dual-port 10GbE PCIe cards for less than $50 on eBay as well. I've been running my own custom thing with NixOS for a couple years now, and it's been working great, and before that I ran ClearOS for a couple years, and before that I ran OpnSense for a couple years. They all work fine, and they're not too hard to set up. I recommend it to anyone who can figure out how to do it.
I have 2 MX4300 and 2 E8450. all run openwrt. Only wifi 6, but that is all I need for my family. Right now only using 1 of each and the other two are backups. I got them all super cheap when they were on sale.
Even easier, just throw together some iptables rules & install dnsmasq. Obviously out of reach of most non-techy people but it's not much worse than most self-hosted things people build. I've even done it with USB-Ethernet dongles. Maybe "whitebox" stuff will have a moment here. Buy a ARM based "computer" that just happens to have a built in switch and 802.11 radio, and separately purchase an SD card with the OS on it. Or, perhaps this will be VyOS's time to shine... https://vyos.io/ Can't really see anything really happening in the consumer space, but maybe business/enterprise will move in one direction or another.
The easiest one I've set up was ClearOS. I was happy enough with OpnSense but when I upgraded a network card I had issues with driver compatibility because of the FreeBSD core. ClearOS being Linux it worked out of the box, and getting ClearOS set up seriously only took me like fifteen minutes. I was shocked. I love my NixOS thing, because I am part of the cult of NixOS, but it's probably something I wouldn't recommend for most people because it was kind of a pain in the ass to get working. The reason I do it now is because it lives on the same box that is my server. I've looked into Vyos, it sort of reminds me of the Cisco stuff and it looks interesting, but it never seemed sufficiently better than my NixOS thing.
Having to debug NixOS offline (that is - without the aid of Gemini CLI) sounds like a special kind of pain.
You get used to it, honestly. I really don't think that the Nix language is nearly as bad as people say it is once you get used to it, and I've been using NixOS since before ChatGPT was released so I've gotten pretty ok with it. Plus, there are niceties like being able to use variables for things like interface names which makes it pretty nice. Also, something kind of nice about NixOS is that once you get it working, it kind of stays working. I have my config file backed up to Sourcehut, and I'm relatively confident that the configuration file is an accurate representation of reality.
I do the same with an old Optiplex and OpenWRT but I want to make clear the power consumption of an x86 box is magnitudes higher than an embedded-ARM box and is something to consider when leaving running 24/7. If you were to use a NUC or NUC-like form factor, power may be less of an issue.
Yeah, I'm using a mini PC with a thunderbolt 10GbE card. According to my Kill-a-watt, most of the time it hovers around 10 watts of power. Not as low as something like a Raspberry Pi but within my pain threshold. Though that said, even with a regular old desktop, which is what I used before, the power consumption actually didn't get that high. Even with a lot of torrent traffic FROM LINUX ISOS, it generally hovered around 35W of power, and considerably less when it wasn't busy. Maybe I just had a decent power supply in there, not sure, it was literally a desktop that I got for free from a neighbor that was moving.
Yeah I've investigated this before and found as well those old Intel dual/quad 10GbE PCI-E cards have quite a high idle power consumption just on their own
How does the hardware compare to router hardware? Do they have faster switching and network routing?
Consumer routers are just Arm chips running linux, a wifi card, and a network card with a switching chip. I have a little Intel Atom box that i use for my network edge running OPNsense, and it is indistinguishable from any consumer router I've tested it against.
I use a 10GbE switch that was retired from a datacenter, so the switching is as good or better than most things. It wasn't expensive, I think I paid less than $70 for it. As far as network routing is concerned, I haven't been able to see much of a difference. iperf3 shows that two wired connections I'm getting about 9.4Gbps, which is well within any tolerance I need. The router that Verizon gave me only had 2.5Gbps ports so I can't quite compare apples to apples, but the latency was generally pretty similar. I mostly just like the level of customization I'm allowed to have. There's no arbitrary limits to port forwards and I can install extensions or write my own if I want.
How do they even think they can enforce the firmware provision? Erect a great firewall? Fine me, the American user, for downloading a firmware update?
> Erect a great firewall Yes and nobody would do anything to stop it, really :(
Every Unix and 9front OS can be a router with two interfaces. > Firmware updates for existing covered devices are allowed, but only through March 1, 2027. Good luck enforcing that with libre firmware without being sued with some amendment until oblivion and the FCC -the irony- gets sued like crazy.
You probably don't even need 2 interfaces https://en.wikipedia.org/wiki/Router_on_a_stick
Let me use my UniFi
I bought their Dream Router 7 and this is pure junk. Slow. Poor signal (you have to sit by the router to get full signal. Go to the other room and you get drop outs).
(reposting this comment from the other thread which discusses the same topic, I'm sorry for any trouble that may cause) From one side, that sure... does have some point. Well, I mean, one could potentially install some kind of a backdoor on the networking hardware they produce, and if it's state-controlled, then it could potentially be a threat. From the other side, though... That's crazy. Maybe I'm missing something obvious, or maybe I'm just stupid, I don't know; but at this point, with almost no manufacturing in the USA, this feels like shooting yourself in the foot. Or rather, it's like shooting yourself straight up in the head if manufacturing will not be efficiently (so it can satisfy the demand) moved to the USA (which is a big challenge).
The good news is this domain doesn't call for cutting edge, 2 nm process. There are more than a half dozen fabs in the US which can produce networking chips like ethernet controllers, line drivers, SOC, etc: Intel, TI, Samsung, et al. If US wanted to onshore routers, we could make it happen.
If I understand the determination on which the FCC decision is based: https://www.fcc.gov/sites/default/files/NSD-Routers0326.pdf a router produced in the US from foreign-made parts - like controllers, drivers etc. - is not in the "covered list". Although I admit the wording is vague: "produced in the US".
> If US wanted to onshore routers, we could make it happen It will take months if not years to get a product to market.
You are missing something. Trump is open for business, and will happily give you an exemption in exchange for a large sum of cash.
Will he do this for Chinese manufacturers? I'm not sure, but I think they have a decent market share. If this is true, then, I guess, there will still be some missing supply, at least in the short term. Now, that's not even the main problem. Imagine if someone did something like this with RAM or NAND. Again, maybe I'm stupid, but this sets a precedent. It's not currently possible to move RAM manufacturing (fully satisfying the demand) to the USA, though, so I doubt anyone sane would try to do so.
Yeah, this is probably the point. His MO, over and over, is to take something away from you and then sell it back.
I just bought a new router 6 months ago to support wifi 7. Hopefully manufacturers will be willing to jump through the hoops for long term support. Don't want to Flash OpenWrt.
"I sure hope corporations will keep on capitulating and eroding everyone's freedom because I don't want to think for myself" Very enlightened and useful comment, thank you for your participation.
this administration is going nuts day by day. I don't know how people are even tolerating.
Lotta people just stick their heads in the ground and ignore it, exactly like they did with all the warning signs during trump’s last term.
Too many people have rebuilt their entire identity around the guy. It's just like people who get scammed and then keep giving money to the scammer even after you tell them what's going on. Admitting that they've been scammed would be a blow to the ego that they can't handle. Combine that with a general inability to understand or empathize with what's going on outside what they can directly see. How many Trump supporters have we seen who loved him cracking down on illegal immigrants until the crackdown came for someone they cared about, then suddenly it was an outrage (but only an outrage in that specific case)? How many have cheered tariffs until they had to pay a bunch more money for something? How many said "no more wars!" and thought it was great how Trump didn't invade anyone in his first term, and now are saying that attacking Iran is great because they've been an existential threat for half a century? This will be the same way. It'll be, yeah, stick it to those foreign bastards. America First! Then in a few months or years, "The store doesn't have any routers, what the hell?"
This is completely sane and consistent with the incessant lies, and crackdown on free speech across the US-owned internet. The free flow of information is a threat.
“Day by day?” “Tolerating?”
It has nothing to do with the current administration. The Secure Equipment Act was passed in 2021 and signed into law by Joe Biden. > This law requires the U.S. Federal Communications Commission (FCC) to issue rules stating that it will no longer review or approve any authorization application for equipment that poses an unacceptable risk to national security. https://en.wikipedia.org/wiki/Secure_Equipment_Act
That says "telecommunications equipment" and it sounds like its talking about network equipment. The page you link to does not mention any developments since 2022 so what has changed this month?
That's not entirely true. The Secure Equipment Act itself was passed in 2021, but the law itself doesn't proscribe any particular equipment or manufacturers. Instead, tells the FCC to create a list and delegates listing duties to various parts of the executive branch (national security agencies, Commerce, the Federal Acquisition Security Council). That's what changed yesterday and it was in fact done by the current administration.
That act does not require the FCC to issue any blanket ruling like this. And the "unaccceptable risk" provision is legally dubious at best.
There is quite a stretch from “unacceptable risk to national security” to “absolutely any foreign-made equipment”. And that stretch has everything to do with the current administration.
The Biden administration declared ZTE, Huawei and a few other small Chinese companies as supply chain risks and prohibited importing their hardware --- the Trump administration just declared every single router made overseas as a risk. If you can't tell the difference between those two things... https://docs.fcc.gov/public/attachments/DOC-420034A1.pdf
The people who can leave are leaving, those who cannot remain until potential change is possible. Bloomberg Editorial Board: The US Must Not Become a Nation of Emigrants - https://www.bloomberg.com/opinion/articles/2026-03-20/immigration-americans-yearning-to-leave-should-scare-lawmakers | https://archive.today/a9DbM - March 20th, 2026 > A recent analysis found that US emigration has reached unprecedented levels. Much of this exodus is due to the administration’s deportation efforts, but by no means all. Last year, at least 180,000 American citizens left the Land of Opportunity to find a better life elsewhere. > During the recession of 2008, a Gallup poll found that about 1 in 10 Americans wanted to permanently leave the country. That figure is now 1 in 5. Among women ages 15 to 44, it’s a whopping 40%. Some of that sentiment is tied to politics, of course, but the emigration trend predates the current administration.
I'm one who left before term one because I anticipated bad things happening. Term 2 is far worse than even my worst expectations. So far I have 2 good friends who left, and a few others got remote jobs and are currently working towards leaving. There's a whole world out there and a lot of it is great. I recommend trying a year outside to everyone I know, and I'm confident most people will be happy (excluding those who like seeing their extended families on a weekly basis, which many people do)
I take the Michael Bolton attitude, why should I leave, he's the one that sucks. There are elections coming up.
are there though?
They are until they aren’t.
Country that put backdoors in Cisco routers to spy on world bans foreign routers (theregister.com)
Cisco been hiding this in plain sight since 2004: https://www.educause.edu/ir/library/pdf/CSD4291.pdf Love seeing pop up like it’s new or something.
If I was more paranoid, I'd start thinking the ban is to make it easier to spy on us by limiting our choices to a few domestic vendors who can be coerced by regulatory capture and "for the kids" political rhetoric.
that makes sense, but i suspect it is more likely to be a bribery scheme. ("why not both!" someone yells)
> Country that put backdoors into Cisco routers to spy on world bans foreign routers Says the tech rag hailing from the 5-eyes nation known as the UK...
Um, this is not an example of hypocrisy? If I punch you in the nose, I am not a hypocrite if I block your attempt to punch me back.
There is no rule based order, and when it comes to state security establishments, the US or any other, there are no good guys.
The AI Industry Is Lying to You (wheresyoured.at)
The lying is not even subtle anymore. The gap between the demo and the product has never been wider and people are starting to notice.
Ah yes, now that the rails are all built what could we possibly do next?
I don't think Ed has made a single correct LLM prediction, despite posting in a fury probably monthly since ChatGPT was released. Grifters gonna grift
I don't think Sam Altman has made a single correct AGI prediction, despite saying AGI is a few months off. Grifters gonna grift
"The market can stay irrational longer than you can stay solvent"
The article takes an odd turn in the second half and seems to veer from a very interesting deep-dive into how a lot of backlogged US data center production may correlate with GPU "slippage" via questionable resellers and GPU rental outfits to China
i see him brag about how long these astroturf joints are on bluesky. had been a while since i'd tried to actually scroll through one and it makes sense now: so much more space to spawn subscription promos. better offline indeed
Something I heard a person say recently: > Isn't it weird how there is no huge industry pushback on all this new AI datacenter power need, as there was about electrifying vehicles?
Was there a big industry push back against looms, tractors, computers, or the internet?
There used to be a social contract, but now there are so many people that it's a problem that there is no work for the displaced. The leverage between the very small number of people with vast amounts of capital and a large number of people with very little capital or leverage - this is a societal dynamic that has existed before in the world. There is historical precedent for this, and it's probably worth paying very close attention to what comes next if you are a very wealthy person pushing against all forms of wealth redistribution.
Famously against looms, yes. That's how we got the term Luddite, that rapacious capitalists redefined to be a negative.
Railroads, e-commerce, and AI - all useful, all were (or may be) credit/stock bubbles. Railroads however have a much better depreciation schedule than GPUs.
He isn't arguing that AI is useless. Only that Nvidia is propping up a massive financial deck of cards and that all the giant numbers being tossed around are fantasies.
An analysis of datacenter commitments and GPU purchasing through how much power they will demand vs how much is available. As someone who only has a passing interest, there isn't anything distilled enough in this article for me to comment on as the central point. Everyone seems to be reporting impossible numbers, and buying dramatically more hardware than they can install in a reasonable timeframe given the pace of the industry.
Arm AGI CPU (newsroom.arm.com)
This is like naming your kid World President Smith.
Meta are heavily invested in building their own chips with ARM to reduce their reliance on Nvidia as everyone is going after their (Nvidia) data center revenues. This is why Meta acquired a chip startup for this reason [0] months ago. [0] https://www.reuters.com/business/meta-buy-chip-startup-rivos-ai-effort-source-says-2025-09-30/
How fun would it be if due to improved chips handling mote model state RAM needs are reduced and Sama cannot make all those RAM purchases he booked? VC without a degree who has no grasp of hardware engineering failed up when all he had to do was noodle numbers in an Excel sheet. He is so far behind the hardware scene he thinks its sitting still and RAM requirements will be a nice linear path to AGI. Not if new chips optimized for model streaming crater RAM needs. Hilarious how last decades software geniuses are being revealed as incompetent finance engineers whose success was all due to ZIRP offering endless runway.
[delayed]
The thing they are good at is bullshitting and selling hype. Which we see here doesn't mean they are actually going to be good at running a business. Smart leaders understand they are not omnipotent and omniscient so they surround themselves who know how to get things done. Weak, narcissist leaders think they're the smartest one in the room and fail. Unfortunately failing upwards is still somehow common, probably because the skill of parting fools from their money is still valuable.
What does "Built for rack-scale agentic efficiency" even means?
It's volume of tokens consumed x number of agents x rack space. Basically agentic computation density.
Translation: “Can you give us some money pretty please?”
It's when LLM agents are inefficient that you need a whole rack of servers to get shit done.
I was gonna say just big DCs in marketing yap but really wtf does that mean?
It's a code sentence for let's go to the utility room to cross pollinate ideas.
We just say words now that sound good for marketing but have no real meaning.
I found this article extremely frustrating to read. Maybe I lack some required prior knowledge and I am not the target audience for this. > built on the Arm Neoverse platform What the heck is "Arm Neoverse"? No explanation given, link leads to website in Chinese. Using Firefox translating tool doesn't help much: > Arm Neoverse delivers the best performance from the cloud to the edge What? This is just a pile of buzzwords, it doesn't mean anything. The article doesn't seem to contain any information on how much it costs or any performance benchmarks to compare it with other CPUs. It's all just marketing slop, basically.
> The ARM Neoverse is a group of 64-bit ARM processor cores licensed by Arm Holdings. The cores are intended for datacenter, edge computing, and high-performance computing use. The group consists of ARM Neoverse V-Series, ARM Neoverse N-Series, and ARM Neoverse E-Series. https://en.wikipedia.org/wiki/ARM_Neoverse
I was wondering who convinced ARM to manufacture hardware. Turns out it was Meta.
Fabless. Like AMD and Nvidia. So I would think about it more as branding and packaging than Manufacturing
AGI = Agentic AI Infrastructure In case you were thinking about some other abbreviation...
I think this is kind of a poetic encapsulation of the AI industry at this point. A beautifully poignant vignette.
What a terrible, terrible name.
I mean, they could at least use AI to figure out how to name their AI product.
Show HN: Email.md – Markdown to responsive, email-safe HTML (emailmd.dev)
I hope .md domains do not become a security hole as Markdown raises in popularity...
Markdown is the secret winner of the AI early years.
cries in org-mode
Any "HTML emails" get filtered straight into the spam folder here. I think I'm not part of the target audience here.
I like how you aren't hiding the fact this is MJML under the hood and don't layer complex abstractions over MJML spec like similar projects ( cough react email cough ). The devs maintaining MJML deserve so much credit for dealing with Gmail/Outlook's monopoly bullshit and 2007 html. Nice idea for those who manage content in markdown. I've moved away from putting emails in my codebase, but seems great for founders moving fast.
Thanks! I agree - the MJML team has laid so much groundwork and it frankly made this project possible.
I wish people just sent plain text.
Plain text? Pffft. Human language is an unnecessary abstraction, just like images. I wish everyone would communicate in pure Binary.
A picture is worth a thousand words.
But they are a lot easier to see and click (accessibility, larger hit area). You could have a larger text instead of a button, but changing font size is also HTML and not plain-text anymore.
You can just send a link, and the user's client will probably highlight it even if it is plain text.
Yea, but how will they hide all the tracking URLs and base64 encoded PII from you in the email?
Show HN: TopMail – LaunchFest Winner, $20/Mo Unlimited Email, Coding Agents API (topmail.so)
Been following TopMail since before launch. Much easier setup than MailChimp and the pricing is a big plus. Cool to see it win LaunchFest - well deserved.
Thanks Mike, appreciate the early support! Lot more coming soon.
It’s about time! Flat rate will change everything, espescially for small startups like mine. Can’t wait to dive in and check the platform out. Sounds like a lot of thoughtful improvements over Klaviyo generally.
Thanks! Would love to hear what you think once you're in there. If anything feels off or missing vs Klaviyo, let me know — still early and building fast.
I will do for sure. Congrats on the win at Launch!
Hypura – A storage-tier-aware LLM inference scheduler for Apple Silicon (github.com/t8)
For a lot of local workloads, sub-1 tok/s is useless in foreground and perfectly acceptable in background. If the choice is “this crashes” vs “this finishes overnight,” that’s still a meaningful capability jump.
Kimi 2.5?
That model is "open weight", not open source. We have no idea what data Moonshot trained on.
the practical question is whether the read pattern is sequential enough to actually saturate nvme bandwidth or if the attention layer access pattern ends up being random enough to kill throughput. sequential reads on a decent nvme get you 5-7 GB/s, random reads drop to maybe 500 MB/s depending on queue depth. for a 1T model youd need to stream something like 2TB of weights per forward pass at fp16. even at peak sequential thats 300+ seconds per token which is... not great for interactive use but maybe fine for batch inference where you dont care about latency. still a cool proof of concept though. the gap between 'can run' and 'runs usefully' is where things get interesting.
4K random read with a queue depth of 1 on an M1 Max is about 65MB/s.
Yes, definitely agree. It's more of a POC than a functional use case. However, for many smaller MoE models this method can actually be useful and capable of achieving multiple tokens/sec.
This is <1 tok/s for the 40GB model. Come on, "Run" is not the right word. "Crawl" is. Headlines like that are misleading.
Could still be useful; maybe for overnight async workloads? Tell your agent research xyz at night and wake up to a report.
Intel Optane rolling in its grave.
Memristors are also missing in this AI hype even when they were around the corner 10 years back.
> but in a 'smart' way so you don't overload the NVMe unnecessarily "overloading NVMe"? What is that about? First time I've heard anything about it. > because putting a ton of stress on your NVMe during generation Really shouldn't "stress your NVMe", something is severely wrong if that's happening. I've been hammering my SSDs forever, and while write operations "hurt" the longevity of the flash cells themselves, the controller interface really shouldn't be affected by this at all, unless I'm missing something here.
Hypura reads tensor weights from the GGUF file on NVMe into RAM/GPU memory pools, then compute happens entirely in RAM/GPU. There is no writing to SSDs on inference with this architecture.
This is not putting any stress or wear on the NVMe, it's a pure read workload.
Yes, exactly this.
Where does "1T parameter model" come from? I can only see models with 70B params or less mentioned in the repo.
I'm referencing it as being possible, however I didn't share benchmarks because candidly the performance would be so slow it would only be useful for very specific tasks over long time horizons. The more practical use cases are less flashy but capable of achieving multiple tokens/sec (ie smaller MoE models where not all experts need to be loaded in memory simultaneously)
Don't post generated/AI-edited comments. HN is for conversation between humans https://news.ycombinator.com/item?id=47340079
Noted, thanks. I had LLM help positioning this message but I did the initial draft along with edits. Will keep in mind for the future.
This is interesting work, thank you for sharing. What hardware would you buy today for experimenting? Seems like the new gen of macbook pros are pretty powerful?
Yes definitely. I use a M1 Max with 32gb of RAM daily and it's about on par from a performance standpoint with the new base M5 Pro 24gb. You can check the benchmarks in the repo if you're interested in seeing specific performance metrics, but investing in Apple hardware with as much memory as possible will generally get you furthest in this game.
No Terms. No Conditions (notermsnoconditions.com)
i do wonder if the world would be a better place if instead of lawyers we had cage matches
The URL basically nulls the license agreement.
> By accessing or using this site, you acknowledge and accept the following terms. I’m pretty sure this is already questionable in the EU.
I would say it's just not true - not questionable. Consent requires you to actually consent. Visiting a website isn't consent to anything. Otherwise any website I have will soon include the following TOS: > By accessing or using this site, you transfer all of your property to [my name].
It depends, not everything requires explicit consent. Where it doesn’t, it’s sufficient if the terms are clear, understandable, and transparent. The last criterion means that the terms must be prominently advertised in the locations where they apply.
I like how, even when the whole point is to not have any terms or conditions, there are still disclaimers. "Only for lawful purposes," "no warranty," "we are not responsible." Those are still terms and conditions!
If anyone knows that rules exist to be broken, it's Jorji. Glory to Cobrastan.
I recently had to confirm to a brokerage that I won’t be using the money I’m withdrawing for any illegal activities. A sure sign of a legal team or possibly an entire legal system having lost the plot. Hopefully only the former.
This is probably a meek attempt at demonstrating compliance with Anti-Money-Laundering (AML) laws and regulations. Lawyers will often suggest this sort of thing, because the only cost is a slight inconvenience to the client, and it might suggest 'good faith' in the case of a prosecution or enforcement action.
I wonder how many one-sentence prompts have made it to the HN front page at this point.
I don’t know, but it’s kind of boring to speculate since computers easily beat us at chess and go.
> I will not argue with you about how obvious it is. Good. Don't. Because it is exceedingly plain, if concise, English.
This is exactly the kind of comment I politely asked people not to make. Did you see the actual lawyer saying they don't know what it means?
A statement that "If you're not a lawyer then I'm not." is blunt, not particularly polite or not. In any case, (a) it's not a request, and (b) if you truly want to control the narrative, then perhaps you should just do that from your own blog.
> > Access is not conditioned on approval I practice law in California. I've written terms of service that many, many people here on HN will have agreed to. I read this line and didn't know what it meant, or what it intended to mean. That said: > If you are actually a lawyer then it'd be interesting to hear your guidance, which I very much understand is not legal advice. If you're not a lawyer then I'm not. There's no good way to validate lawyerdom on public social media like HN. And while the average lawyer probably remembers enough from law school or bar exams to know slightly more about Web terms of service and legal drafting than the average person, there's nothing to stop non-lawyers from reading up and learning. Eric Goldman's Technology & Marketing Law Blog is a great, public source covering cases on ToS and other issues, for example. The Bar monopolizes representation within legal institutions. Don't cede the law itself to lawyers.
You can be competent without being a lawyer, sure. But if you see the other replies to my comment, you see why I would use this as a filter. The dumbest person can be right, but as a lawyer, your guess is much better. I don't cede the law. It's just that if I find this unclear, then J Random Hn commenter's opinion wouldn't reduce my risk. I won't be acting based on your opinion either, of course, but the quality of your reply is clearly in a different class from the other two.
Sounds like a smart strategy then. Use an amateur license. People who just want to do stuff know they have your blessing. Corporations will stay away or pay up, not because you made them, but of their own volition. Everyone is happy. Of course even better is to simply have no explicit license, especially for something like code. Normal people can assume they can do whatever they'd like (basically, public domain). Lawyers will assume they cannot. The only thing stopping someone is their own belief in their self restrictions. i.e. you can use the thing if and only if you don't believe in my authority on the matter.
You are essentially saying that shoplifting is legal because as a civilian you are unlikely to get caught. This is a terrible take. All it takes is a litigious jerk, and you could get bankrupt.
You are essentially saying that walking is safe because as a civilian you are unlikely to get robbed. This is a terrible take. All it takes is an angry mugger, and you could get killed.
Walking is not illegal. That's why your analogy doesn't work.
I'm not. In saying people who want to share their work should just do so. If your goal is to not have terms, don't have terms. Don't lend credibility to the idea that you need to by default.
No explicit license is not basically public domain. In most jurisdictions it means the default is full copyright, so permission is less clear, not more. The practical effect is usually to increase ambiguity rather than grant freedom.
That's the point: it's a rejection of the premise that you need these sorts of terms. You treat the law as the farce it has turned itself into. If people reject the farce, they can use it. If they support the farce, they can't. In a sense, an anarchist's viral FOSS license.
WolfGuard: WireGuard with FIPS 140-3 cryptography (github.com/wolfssl)
I know software developers complain about forced compliance due to the security theatre aspects, but I would like to charitably ask from someone who has technical understanding of FIPS-compliant cryptography. Are there any actual security advantages on technical grounds for making WireGuard FIPS-compliant? Assume the goal is not to appease pencil pushers. I really want to know if this kind of effort has technical gains.
If you're considering whether to use a FIPS 140-3 module for your cryptography, consider that FIPS 140-3 is really only for specific compliance verticals. If you don't know whether you need it, you probably don't need it. So, along those lines, if you wonder whether a package's cryptography should be FIPS 140-3 compliant, then the real question is whether you are a vertical that needs to be compliant. Again, if you aren't sure, the answer is likely NO.
OpenVPN looks like a regular tls stream - difficult to distinguish between that and a HTTPS connection. WireGuard looks like WireGuard. But you can wrap WireGuard in whatever headers you might want to obfuscate it and the perf will still be better.
>OpenVPN looks like a regular tls stream - difficult to distinguish between that and a HTTPS connection. I thought openvpn had some weird wrapper on top of TLS that makes it easily detectable? Also to bypass state of the art firewalls (eg. China's gfw), it's not sufficient to be just "tls". Doing TLS-in-TLS produces telltale statistical signatures that are easily detectable, so even simpler protocols like http CONNECT proxy over TLS can be detected.
It's trivial to make WireGuard look like a regular TLS stream. It's probably not worth a 15 year regression in security characteristics just to get that attribute; just write the proxy for it and be done with it. It was a 1 day project for us (we learned the hard way that a double digit percentage of our users simply couldn't speak UDP and had to fix that).
It is, we did the same. It is a shame that only Linux supports proper fake TCP though.
↙ time adjusted for second-chance
Testing the Swift C compatibility with Raylib (+WASM) (carette.xyz)
It's also industry standard to do so. I don't think I've ever seen a team outsource something like pathfinding. Maybe in the Unity/Unreal space, which I'm very unfamiliar with. Dependencies are generally speaking not viewed as a good thing. They become vanishingly rare outside of certain things like physics engines, sound engines, vegetation, etc. And usually higher quality proprietary ones are chosen over OSS (though this is changing with physics engines in particular, mostly thanks to Bullet) NIH is a cultural pillar. Even scripting layers are relatively split on if they're in-house or not. It's not uncommon to find both an in-house fork of Lua + a few other completely custom scripting engines all serving their own purpose.
Pathfinding middleware has traditionally been a thing though, e.g. apart from the mentioned ReCast (which is the popular free solution) the commercial counterpart was PathEngine (looks like they are even still around: https://pathengine.com/overview/ ). If you need to do efficient path finding on random triangle geometry (as opposed to running A* on simple quad or hex grids) it quickly gets tricky. What has undeniably declined is the traditional "10k US-$ commercial middleware". Today the options are either free and open source (which can be extremely high quality, like Jolt: https://github.com/jrouwe/JoltPhysics ) or fully featured engines like Godot, Unity or UE - but little inbetween those "extremes".
> Today the options are either free and open source (which can be extremely high quality, like Jolt: https://github.com/jrouwe/JoltPhysics ) I did mention this was changing in particular with physics engines. That being said, proprietary dependencies still reign supreme in places like audio engines. Something like OpenAL isn't really a replacement for FMOD or Wwise. I know those off-the-shelf engines roll their own replacements, but then they also roll their own pathfinding and navmesh generation as far as I know.
From https://recastnav.com : > Industry Standard - Recast powers AI navigation features in Unity, Unreal, Godot, O3DE and countless AAA and indie games and engines I see the industry is of full double standards :)
https://www.mobygames.com/group/9867/middleware-recast/ It's not a terribly long list, it seems, even if it's non-exhaustive. > I see the industry is of full double standards Absolutely, and that's why it's so great. No two companies are going to look the same. The culture of the video games industry is a rather unique one that's kept its archipelago syndrome alive against all odds. It'll be a sad day if that ever changes.
Apple Business (apple.com)
Nothing like account termination with all your corporate email with no recourse and support because fuck you that's why. Absolutely do not touch this product with a ten-foot pole.
Will this allow iPad profiles? I think that’s a feature in edu? Would be a game changer.
I recently tried setting Apple Business Manager for our ≈20 people SME. The first step was "Domain Lock/Capture" which takes over all Apple accounts for a specific domain. I've never had a worse experience from Apple. The process is buggy, filled with foot-guns and dead ends. It expects huge amounts of work from users who have had their account for more than a few weeks and are expected to remove a lot of their personal data before their account can be migrated (e.g. do you know how to delete all your Health data?). The process is also impossible to cancel. Phone support was par for the course, e.g. tickets escalated to the abyss, suggestions to restore workstations to factory settings, etc. Be warned.
This was my experience switching from GMail to Apple’s mail service. I switched back after a few days.
We use Apple Business Manager. Locking a domain is not a requirement if you're just doing basic MDM, I'm pretty sure. (I also had a negative experience with it, so we didn't use it and everyone just uses their personal apple IDs). Is it no longer possible to skip this step in setting up the account?
So will Apple users be able disable these ads in maps?
The nice thing about many of the native apps compared to their Google pendants is the absence of ads, with the glaring exception of the app store, which looks like a dumpster-fire. It is so disheartening to see the trend of shoving ads everywhere continue with Apple as well. I guess the profits are just too tempting to stick with idealistic UX decisions, if there was any of that left in the first place.
Yep. People who have never tried to add Mac support to an existing organization do not realize how freaking expensive it is. There are basically two cases. If you use Microsoft, you are often already paying for Entra ID and Intune, then still adding the Apple-side pieces for Mac support: Apple Business Manager and often Jamf or Kandji. If you do not use Microsoft, you are buying the full stack yourself: Okta or JumpCloud for identity, Jamf or Kandji for device management, and Apple Business Manager for enrollment. Apple Business Manager is free, but the rest is not, and the cost adds up fast. This means that, in practice, a managed Mac can easily end up costing close to twice as much to support as a Windows device.
The only thing you need out of any of those to correctly support the Mac is an MDM, of which there are free ones and expensive ones and everything in between. So long as it can deploy configuration profiles and declarative management configs, you can spin up Munki to be your pkg/script runner and script the rest. Installomator to install and patch applications. But if you also wanted identity, there are plenty of free selfhostable SSO/ID providers out there. If you're just starting out and not at the scale where a big Microsoft CoPilotM365OfficeWhatever contract makes sense, you probably don't even really have a need for a lot of this stuff. A minimum contract for Jamf Pro is like $5k a year or something. That's two well kitted developer MacBook Pros per year in license costs.
> Apple's office suite is my favorite I've ever used, and it's not close. I’ve written many comments criticizing this. Do you use a lot of keyboard shortcuts when you use Numbers or Pages or Keynote or do you use the trackpad/mouse a lot? I generally find these apps and others lacking on the keyboard front, by which I mean that it’s almost impossible to use them without a trackpad or a mouse. I can completely live with just a keyboard on Excel or LibreOffice Calc. BTW, I hate all the MS Office applications (and find them quite buggy and annoying) except for Excel. Maybe I’m just a lot more used to using Excel.
Can’t you set up keyboard shortcuts for basically any action in a MacOS app?
It's not pretty, but both Pages and Numbers are pretty powerful in their modern incarnations. If you actually need Microsoft Office, then you need it, but a lot of people who don't think they could get away with just Apple's freebies probably could. (Disclosure: I write 99% of my stuff in Emacs now, so I'm not going to go that far out on a limb for iWork. It's just that it's the best "Works"-style suite that I've used.)
Needing VBA is more common than you think. Excel really has no competitor.
Hypothesis, Antithesis, Synthesis (antithesis.com)
Hi David, congratulations on the release! I'm excited to play around with Hypothesis's bitstream-based shrinking. As you're aware, prop_flat_map is a pain to deal with, and I'd love to replace some of my proptest-based tests with Hegel. I spent a little time looking at Hegel last week and it wasn't quite clear to me how I'd go about having something like a canonical generator for a type (similar to proptest's Arbitrary). I've found that to be very helpful while generating large structures to test something like serialization roundtripping against — in particular, the test-strategy library has derive macros that work very well for business logic types with, say, 10-15 enum variants each of which may have 0-10 subfields. I'm curious if that is supported today, or if you have plans to support this kind of composition in the future.
Sorry I meant "proof method" as more like "this was this guy's angle of attack", not that they would've thought each others angles were valid at all or that they're commensurable with say, 20th century formal proof logic (or Aristotelian logic for example). Descartes and Leibniz were squarely the rationalists that Kant wanted to abolish, and Hegel rejected Kants distinction between noumena and phenomena entirely, so they're already starting from very different places. I guess it would be more accurate to state Kants actual premises here as making the distinction between appearance and thing-in-itself rather than the deduction, but the deduction technique itself was fascinating when I first learned it so that's what I associate most with Kant lol. I guess I have not thought critically why we couldn't use a Transcendental argument to support Descartes. I just treated it as a vague category error (to be fair I don't actually know Descartes philosophy that well, even less than I know Kants lol). Could be a fun exercise when I have time.
>I guess I have not thought critically why we couldn't use a Transcendental argument to support Descartes. The previous section within the Transcendental Dialectic that focuses on the nature of the soul goes into a refutation of Descartes' statement. Kant basically finds "I think therefore I am" to be a tautology that only works by equivocating the "I" in each clause. "I think" pretends that the "I" there is an object in the world which it then compares to the "I am" which is an object in the world. Kant argues that "I think" does not actually demonstrate an "I" that is an object but rather a redundant qualification of thinking. I am being a bit imprecise, so here is SEP's summary: >For in each case, Kant thinks that a feature of self-consciousness (the essentially subjectival, unitary and identical nature of the “I” of apperception) gets transmuted into a metaphysics of a self (as an object) that is ostensibly “known” through reason alone to be substantial, simple, identical, etc. This slide from the “I” of apperception to the constitution of an object (the soul) has received considerable attention in the secondary literature, and has fueled a great deal of attention to the Kantian theory of mind and mental activity. >The claim that the ‘I’ of apperception yields no object of knowledge (for it is not itself an object, but only the “vehicle” for any representation of objectivity as such) is fundamental to Kant’s critique of rational psychology. [1] https://plato.stanford.edu/entries/kant-metaphysics/#SouRatPsy
Oh interesting. I've basically quotiented out all social science all my life and stuck strictly to STEM, so my stack is, a lot of analytic + philosophy of science. A lot of pure math and CS (all across the stack), and recently physics because of job. I try not to comment on social issues (though Continental vibes generally seem righter to me the more I study it) But I've never thought critically (in a long time) about applying it back to social science / political philosophy. Mind discussing more about what you're reading and targeting? I've personally avoided a lot of studies in this area because I didn't think they were actually rigorous but I probably just don't know where to look.
Microeconometrics tends to be quite rigorous and easy to validate. They won't hold up to physics levels of rigor, of course - probably a bit more at the medical studies level of rigor. David Card, Gary Becker, McFadden, etc. Rigor is also... there's something about letting perfect be the enemy of the good. If noone will apply math unless you can 100% reliably reproduce controlled experiments in a lab, the only thing left is people just talking about dialectics. The challenge is how to get as much rigor as possible. For instance, David Card saw New Jersey increase minimum wage. You generally can't truly conduct large-scale controlled social experiments, but he saw this as interesting. He looked at the NJ/PA area around Philadelphia as a somewhat unified labor market, but half of it just had its minimum wage increased - which he looked at to study as a "natural" experiment, with PA as the control group and NJ as the experimental group, to investigate what happened to the labor market when the minimum wage increased. Having a major metro area split down the middle allowed for a lot of other concerns to be factored out, since the only difference was what side of the river you happened to be on. He had lots of other studies looking at things like that, trying to find ways to get controlled-experiment like behavior where one can't necessarily do a true controlled experiment, but trying to get as close as possible, to be as rigorous as is possible. Is that as ideal as a laboratory experiment? Hell no. But it's way closer than just arguing dialectics.
Seth Godin made the case that its more important for people to make remarks than to be favorable ( https://en.wikipedia.org/wiki/Purple_Cow:_Transform_Your_Business_by_Being_Remarkable ) Trump did this a lot with the legacy media in his first term. He would make inaccurate statements to the media on the topic he wanted to be in the spotlight, and the media would jump to "fact check" him. Guess what, now everyone is talking about illegal immigration, tariffs, or whatever subject Trump thought was to their advantage.
"No such thing as bad publicity" is a very old idea. That quote is usually attributed to PT Barnum, but the idea is much older than him.
Mystery Jump in Oil Trading Ahead of Trump Post Draws Scrutiny (wsj.com)
It’s not different because of who’s doing it but due to scale: creating news which steers markets is worse than trading based on insider information, and there’s a scale question as well (billions versus millions). I want them both prosecuted but in terms of priorities I’d favor the police going after armed robbers over porch thieves.
I think this sort of thinking is why we have people who continue to vote against their own self interests. The fact is we really don't have enough information to make meaningful conclusions about which party is causing more harm with insider trading. It would take a team of accountants and lawyers years to confidently measure this. A random individual isn't going to assess this well. But because people confidently draw often incorrect or baseless conclusions based on vibes and what largely democrat controlled corporate news media tells them, they're going to fall into us versus them mentality at party lines instead of better understanding that both sides are screwing us over tremendously and not accepting a perceived lesser evil
Is this supposed to be an intelligent comment? Is your answer to forgo elections ahead of time? You plan for the worst outcome by already accepting it as reality? Why don't you work on lobbying your grandparents and their vote because I seriously doubt you are equipped for whatever armed conflict you are imagining. Have some dignity. If Americans are so called upon to defend the constitution then so be it, there is no need to prematurely soil your pants about it.
People often in essence say "I think the odds of [the alternate option(s)] are greater than are being represented". It can be helpful to frame it that way, rather than "I will over-react to what I feel is an over-reaction".
I think it's likely that they'll see justice in a chaotic way , ie not connected to the specific crime. Most likely outcome is that they make huge paper profits that are then absolutely worthless because the dollar collapses and the property rights that enforce the wealth they gained from these transactions disappear as the government is toppled. Another likely outcome is that they get in the habit of doing criminal things that piss people off, piss the wrong person off, and then get offed. There was an AskHistorians post about the French revolution a few years ago that really stuck with me: https://www.reddit.com/r/AskHistorians/comments/w18qt5/what_led_to_the_fall_of_robespierre/ > Stability had hardly been a hallmark of the Revolution til that point, and really what we have seen is a revolving door of men rising to the summit of power, only to realize that once your head is above the rest it's a prime target for the guillotine. Of the early years of the Revolution, virtually any man who had been considered a leader was either dead or in exile. The King was executed in January of 1793. The Girondin, formerly indistinguishable from the 'left,' went en masse to the guillotine in October 1793. Danton & friends (dubbed by Robespierre 'the indulgents'), the literal authors of the Insurrection of August 10th which overthrew the King and declared the Republic, the 'giant of the Revolution,' had been executed in April 1794. Interspersed with these prominent deaths were hundreds of individuals who had been important players in the Revolution, whether in national or local politics, and who had now paid the price for their notoriety In times of crisis and scarcity, the usual outcome is that anyone whose ego is big enough to think that he can lead or profit finds that they become a target for elimination. The folks who survive are the ones who focus on, well, surviving. We're headed for one of those times of crisis now, though most people don't want to admit it, and a lot of the people who are profiting off ill-gotten gains now may find that they don't live to enjoy it simply because it gives them a taste for profiteering that eventually makes them take stupid risks.
Hidden profiteering off ill-gotten gains happens continously. In some areas it becomes more known or suspected, but because beheadings and such are very far outside the Overton Window that is mostly controlled by the media, the focus of society moves on as the media directs.
If the petrodollar is irrelevant, why is Iran insisting that anything transiting the straight of Hormuz be bought using the Chinese Yen?
Yuan. Not Yen. Iran shouldn’t be insisting anything.
For starters, you're not alone in this feeling. A lot of us are very hungry for justice, and a lot of the Trump administrations current tactics are openly grappling with the reality of jailtime and restitution if they lose power. These are unusual times, and so people who are not usually inclined toward retribution are hungry for it. That said, it's hard to reconcile that with the fact that Democrats continue to be the opposition party, and failed to even imprison Trump over four years for the things he'd done. And even in the best case scenario, we wouldn't expect Trump himself to live long enough to face much justice. The optimism left in me hopes that this era can serve as an enduring cautionary tale for future societies.
>the fact that Democrats continue to be the opposition party, and failed to even imprison Trump over four years for the things he'd done I'd like to point out it was NOT the Democrats who failed us , it was Republicans in congress who failed us. I'm really not sure how you can suggest Democrats failed us, when they had 2 successful impeachments against trump, but it was Senate Republicans that voted to not remove him when 60 votes were required in a Senate split 50/50. Every single Republican Senator except Mitt Romney in the first impeachment failed us. The second impeachment for insurrection got closer at 57 votes in the senate, but Republicans failed us again. Democrats absolutely did not fail us , they were the ones trying to hold a criminal accountable. It was and always is Republicans who fail us.
LaGuardia pilots raised safety alarms months before deadly runway crash (theguardian.com)
"He said LaGuardia was “very well staffed”, with 33 certified controllers and more in training. He said the goal was to have 37 on staff." I'm just tired of bullshit rhetoric. 33 is less than 37, that's "understaffed" not "very well staffed". Fuck Sean and our "leaders"... they speak with unauthority and spiritlessness.
A quick Google gives me that a 737 typically lands between 144 and 180 mph. I think that's quite a lot faster than most people are watching out for. Good news is they are bigger than cars and so easier to spot at a distance but I'm still skeptical that "look before you cross the runway" is sufficiently safe. Keep in mind that the planes may not even be on the ground yet - at the top end in 30s they could go from a 1.5 miles away in the sky (and up to 300-400ft in the air) to plowing through your position (iirc runways are about 2 miles long for jets). I wonder if it'd even be reliable to see such a plane coming fast enough. Now multiply that by the dozens of planes in your vicinity, and by the 100ish big US airports.
> I think that's quite a lot faster than most people are watching out for That isn't even beyond the top speed of a car, which non-trained humans are very well capable of tracking by sight - to talk of airport workers that are specifically trained to look for air traffic. It really is not that hard to tell that an aircraft is on short final if you are actually looking at it. With four miles of visibility in light rain at night, the aircraft should have been perfectly visible (in a vacuum); what remains to be determined is why the ARFF crew did not see it. The answer to that could range from "they didn't look at all" to "the orientation of the runway relative to the surrounding neighbourhoods meant that the CRJ's lights got lost in the city lights".
In this specific incident, there was a system in place called Runway Entrance Lights [0] that does serve as an automated sanity check on controllers commands. The surveillance video that is circulating shows that the system was working and indicated that the runway was not safe to enter. It's not clear yet why the truck entered the runway anyway. 0: https://www.faa.gov/air_traffic/technology/rwsl
I wonder if they thought that since they were responding to an emergency, and they were given clearance to cross by ATC, that that would override normal procedures. Kind of like how emergency vehicles cross a red light all the time when responding to an emergency.
Understand what happened and prevent it from happening again, so long as this can be done without expanding staffing, reducing OT, structural change, etc
No. Safety investigation agencies deliberately aren't regulators. The NTSB may decide that their recommendation is that every air passenger should be carrying a melon, and that results in a press release, a letter to the FAA saying that's what they recommend, that's all. Deciding to change policies to effect the recommendation isn't their role. That's why you will so often see a safety investigatory body repeatedly recommend the same thing. The UK's RAIB (which is for Rail investigations) for example will often call out why a fatal accident they've investigated wouldn't have happened if the regulator had implemented some prior recommendation, either one they're slow walking or have rejected. The investigators don't need to care about other factors. Are melons too expensive? Not their problem. Only unfriendly countries grow melons? Not their problem. They only need to care about recommending things that would prevent future harm which is their purpose.
> Deciding to change policies to effect the recommendation isn't their role. And if it was the role of investigators to change policy, then there would be enormous pressure from industry to reach convenient conclusions, poisoning the investigation process.
I think https://en.wikipedia.org/wiki/1991_Los_Angeles_runway_collision is more applicable.
In both cases, the controller's fate was grim. Peter Nielsen (Überlingen) was murdered by a relative of a crash victim. Robin Lee Wascher (LA), whose own parents had died in an earlier air crash, was crucified in the media and never worked as a controller again. Both precedents are applicable, because the Laguardia controller is also going to be savaged.
The pilots would execute untowered approach procedures, a small airport with little to no traffic and VFR flight you may self-announce on frequency, a larger airport you go back to approach, etc.
Each of those flights should have an alternate and be prepared (have enough fuel) to divert. If there is a fuel emergency then self-announcing is likely appropriate as the plane is coming down anyway, but that is multiple things going wrong.
> https://www.airlinepilotforums.com/major/152572-aircraft-firetruck-hit-lga.html Just a quick read/speculation based on the linked forum post... Short of insane visibility conditions that prevented them from seeing the plane coming, the firetruck operator seems to be the liable party (beyond the airport for understaffing controllers—this seems to be exacerbated by government cuts but that's still no excuse for having a solo controller at that busy of an airport, especially at night). The controller in question seems to have caught their mistake quickly and reversed the order instead asking the firetruck to stop (but for some reason, this wasn't heard). Is it common now to have solo operators running control towers?
Truck was on a different frequency from the aircraft so they couldn’t even hear each others’ clearances. Also first time ATC told the truck to stop it wasn’t too clear who the message was addressed to. It’s a bit hard to hear “Truck1” there, not clear who he wants to stop. The second time, one can argue by the time “stop” command was heard it might have been better to gun the engine. As the truck sort of slowed down in the middle of the runway.
> this seems to be exacerbated by government cuts What government cuts? 2025 FAA air traffic budget was up around 7% from 2025 https://enotrans.org/article/senate-bill-oks-27-billion-faa-budget-in-fy25/
Notably 2025 was also the year that Elon started firing people and shutting down things that were in the budget, as well as several shutdowns.
From the article: > The crash has raised fears that operations at US airports are under extreme stress. Airports have been dealing with a shortage of air traffic controllers, exacerbated by brutal federal government personnel cuts by Donald Trump’s administration at the start of his second presidency. Not my opinion, just reading from there.
"Liability" isn't really how we try to see things in aviation. While it's true that it's ultimately considered the responsibility of the truck/plane to visually confirm that crossing the runway is safe, refuse unsafe commands from ATC, and comply to the best of their ability when ATC says "stop" at the last second, we can't stop our analysis there if we want to prevent this from happening in the future, because unless things change someone will make this mistake again in the future. Telling people not to make mistakes isn't going to help at all; it's obvious, and no one wants to cause an accident. The error is just the last step in the process that led to the collision.
I don't think the ATC is at fault here. If they were put in a difficult situation and responsible for too much at once, I'd view that as a leadership bug, not their personal fault (or anything they should be held liable for). The weak links imo here are the firetruck driver and whoever that ATC reports to directly (i.e., there shouldn't have been an opportunity for this to happen—that's an executive failure, whether they want to take ownership or not).
How do you know it was due to staffing shortages? It is common at LGA for one controller to be handling Tower and Ground late at night.
Some people here coded the buttons that sometimes don't work when you check in for your flight. That makes them aviation experts. How dare you question wild assumptions.
>This isn't one guy's fault. Counterpoint. It's Regen's fault. He's the guy who decided that a high priority of the government was making sure air traffic controllers had no power to fight back against being horrifically overworked (because unions are evil you see)
Pretty much everything broken in the USA stems directly from Reagen. https://www.youtube.com/watch?v=g95fiZCzjlo
Show HN: Gemini can now natively embed video, so I built sub-second video search (github.com/ssrajadh)
I work in content/video intelligence. Gemini is great for this type of use case out of the box.
This is a really cool implementation—embeddings still often feel like magic to me. That said, this exact use case is sort of also my biggest point of concern with where AI takes us, much more so than most of the common AI risks you hear lots of chatter about. We live in a world absolutely loaded with cameras now but ultimately retain some semblance of semi-anonymity/privacy in public by virtue of the fact that nobody can actually watch or review all of the video from those cameras except when there is a compelling reason to do so, but these technologies are making that a much more realistic proposition. The presence of cameras everywhere is considerably more concerning than the status quo, to me at least, when there is an AI watching and indexing every second of every feed—where camera owners or manufacturers or governments could set simple natural language parameters for highly specific people or activities notify about. There are obviously compelling and easy-to-sell cases here that will surely drive adoption as it becomes cost effective: get an alert to crime in progress, get an alert when a neighbor who doesn't clean up after his dog, get an alert when someone has fallen...but the potential implications of living in a panopticon like this if not well regulated are pretty ugly.
Totally valid concern. Right now the cost ($2.50/hr) and latency make continuous real-time indexing impractical, but that won't always be the case. This is one of the reasons I'd want to see open-weight local models for this, keeps the indexing on your own hardware with no footage leaving your machine. But you're right that the broader trajectory here is worth thinking carefully about.
Very impressive! A webhook could be configured to trigger an alarm if a semantic match to any category of activities is detected, and then you basically have a virtual security guard and private investigator. Well played.
Thanks! Yeah that would be pretty cool, but continuous indexing would be pretty expensive now, because the model's in public preview and there are no local alternatives afaik. This very well might be a reality in a couple years though!
Where is the Exit to this dystopia?
Well, with data analysis powers like this a few treasonous words in front of a flock camera will show you the way.
I don’t think this means we’re in a dystopia
You might not have been paying attention
The bridge to wealth is being pulled up with AI (danielhomola.com)
> They are illustrations of a general principle: the legal inheritance channel compounds while the biological one reverts. All this pseudo-math relies on the fact that family wealth strictly compounds and does not decrease or revert to the mean. But that is not true. Economists study this, and the exact numbers differ but family wealth _does_ revert back to the mean in just a few generations. Wealth does not stay in the same family compounding forever. https://www.jstor.org/stable/10.1086/378526 https://bnh.bank/wp-content/uploads/2023/05/Heres-to-Your-Wealth-December-2022.pdf
Fair point on the rhetoric: "no regression, no noise, just compounding" overstates it a bit. Individual family wealth does dissipate across generations. The model actually reflects this: η=0.85 inheritance fraction, threshold gating that blocks compounding below ~$20k, and a residual term that captures the noise and bad luck - which your sources are measuring. The stronger claim of the essa is different from "any given dynasty compounds forever." It's Piketty's r > g: capital returns have systematically outpaced economic growth, so the wealth class maintains and grows its share even as specific families within it churn.
The opening paragraph bothers me greatly. "multiply a gaussian and a power law, the power law dominates." They literally are distributions of different variables, why would you "multiply" two different distributions that exist on different domains!? The example they're using as an opening is very wrong, it makes no sense and makes the author sound incompetent. Even if I get the point they're trying to make (if I try hard to find it), the very fact that they don't even know how mathematics in the "mathematical" part of their opening does not inspire confidence in the rest of the essay. It's very hard for me to move past the opening after the very first few lines! Perhaps this is just because I'm a scientist, I'm surprised no one is picking at this because I feel insane reading this and this not being the first nitpick at the top of every comment. The correct way you're represent this (dist of "life outcomes", whatever that means) is that it would be a 2D histogram with IQ and wealth on the different axes. But this is not "multiply the two" wherein "one would dominate".
Cool, I'm a scientist too w a PhD and everything, I just don't make a big deal out of it - unlike you it seems. Granted, distributions don't get multiplied, random variables do. Funnily enough the essay's actual model (log(Y) = 0.35·zIQ + 0.45·zW + ...) is additive in log space, which is multiplicative in outcome space. The preface language is loose I grant you that but the formal model that appears later is well defined. Not sure what you want to say with a 2d histogram. We are modelling, not visualizing.
Interesting points, made in florid style. I'd make the point a little differently, though -- in the next n years, you want to be on the side of capital. Labor is in for a really tough time. Missing from Daniel's analysis is total economic output, and I think this really matters -- when we think of Optimus launched and at scale, do we think of total GDP growing, shrinking, being stable? A lot of what someone thinks about this question will tie directly to their predictions and mental/emotional focus. I think of GDP growing - we will be turning stuff into the ground into something that works for $1/hr on all manner of tasks - we're going to be able to do a lot more stuff than we were. As Daniel points out, a company is going to own a lot (by no means all) of that economic benefit. By some miracle of our modern markets, you too could own some of that benefit, just by buying into the company. The "mercantilist labor" view is less rosy: if there's a limited amount of labor to go around then this will be directly siphoning off living wage and (to the point of the essay) excess capital that could go into building dynastic wealth. From my viewpoint, I think Daniel's charts would get a little bit less alarming for the non-dynastic scenarios if they imagined GDP increases along the way. They probably push up the sharpness of an inflection point.
Hey thanks for reading and for leaving a considered comment. You might be right, we'll see. In my mind, GDP growing isn't really that reassuring: 1/ GDP has been growing steadily while people's happiness and overall satisfaction is flat lined or finishing (so even if this was true it won't lead to better lives lived at scale) 2/ it's more interesting to look at the ratio of labour wages / GDP. I actually make a prediction about this and that has been shrinking already. If it continues (which I think it will) even if everything grows ppl will be unhappy and unsatisfied bc a large part of our self worth is coming from comparing ourselves w the ppl around us in the wider society. This is why more equal societies tend to be happier as well.
> Most of the traits you were born with - intelligence ... Intelligence is considered genetic now? That's quite a bold claim.
Well, it's certainly inheritable from your parents (50%), and recent research suggests at least 20% of the 50% heritability is genetic, according to an article in Nature Reviews Genetics. [0] The phrasing "born with" could be better, but in the argument from this post, "inherited from the parents" serves the same purpose. [0] https://pmc.ncbi.nlm.nih.gov/articles/PMC5985927/
Commenting strictly on the metaphor in the title: Did you mean to say ladder? Bridges don't get pulled up. Edit to say: Yes I did think of drawbridges. And Batman is a scientist. But drawbridges are simply "opened" or "raised," and the implication always is that it's temporary and they will soon be "closed" or "lowered." Though they can be sabotaged in the open position. All right fine, OP please change your title to "The drawbridge to wealth is being raised and then permanently damaged so it can't be lowered, by AI."
Finally a useful comment. Thank you :D
There is not enough space for 8 billion humans to do "frontier living."
They can manage it. Cheap drugs, distributed by the government, can handle you from suffering and ensure you will not participate in any kind of anti government protests. Also they can add birth control additives and reduce the population significantly.
I know how much the American health care system sucks. But I have looked into a high deductible health care plan on the exchange for myself and my wife - both over 50 to calculate how much we would need to survive a month of unemployment. It was around $1000/mo with no subsidies for a bronze plan.
You think regular Americans have the money to afford high deductible plans? One ER visit bankrupts people.
How does that work if you have a pre-existing condition? I am honestly curious
ACA-compliant plans can't deny or change pricing for them. It was a good change, but it needed the individual mandate to function successfully. That got removed.
I am, of course, referring to the IOUs (a.k.a. cash) they famously are sitting on, and have been sitting on for decades. Technically they can call the debt at any time, but what does average Joe have to give that Apple would want? If there was something appealing they'd have done it already. In reality there is nothing and it will sit there forevermore and the consumers on the other side of the transaction ultimately got stuff for free. But, as before, it doesn't really matter as rich people aren't interested in things. They already have everything they could ever dream of and physically cannot handle even more. They are interested in social standing.
This doesn't make any sense. Apple has a pile of cash hasn't spent or invested = they have given away free product?
A debt never called is the same as giving something away for free, yes. Technically the can still call the debt, but the question remains outstanding: What do you have that they would want in return? The answer is effectively nothing, and increasingly so.
So where are all the AI apps? (answer.ai)
I think part of the mismatch is that people are still looking for “more apps” as the output metric. A lot of the real value shows up as workflow compression instead. Internal tools, one-off automations, bespoke research flows, coding helpers, things that would never have justified becoming a product in the first place.
My experience with AI-driven and AI-assisted development so far is that it has actually enhanced my workflow despite how much I dislike it. With a caveat. If you were to compare my workflow to a decade ago, you wouldn’t see much difference other than my natural skill growth. The rub is that the tools, communities and services I learned to rely on over my career as a developer have been slowly getting worse and worse, and I have found that I can leverage AI tools to make up for where those resources now fall short.
I feel they're largely here, on this platform. Hacker News, currently, could be renamed to AI News, without any loss of generality.
Thoughts: 1. Some hype-types may have been effusive about AI-assisted coding since ChatGPT, but IMO the commonly agreed paradigm shift was claude code, and especially 4.5, very very recent. 2. Anchoring biases in reaction to hype is still letting one's perspective be defined by hype. Yes the cursor post is a joke, but leading with that is a strawman. This article does not aim to take it's subject seriously, IMO. 3. While I agree the hype is currently at comical levels, the utility of the current LLMs is obvious, and reasons for "skilled" usage not being easily quantifiable are also obvious. IE, using agents to iterate through many possible approaches, spike out migrations, etc might save a project a year of misadventures, re-designs, etc, but that productivity gain _subtracts_ the intermediate versions that _didn't_ end up being shipped. As others have mentioned, I think yak-shaving is now way more automated. IE, If I want to take a new terminal for a spin, throw together a devtool to help me think about a specific problem better, etc, I can do it with very low friction. So "personal" productivity is way higher.
> the utility of the current LLMs is obvious In that they obviously have no real utility, sure. There hasn't been a paradigm shift, they still suck at programming, and anyone trying to tell you otherwise almost certainly has something to sell you.
Based on my direct experience I find this remaining commonality of this opinion surprising, at least with regards to opus in claude code. I'm not as extreme as some who think we can/should avoid touching code or w/e but especially in exploratory contexts and debugging I find them extremely useful. Maybe I should have said "obvious to me," but I guess I just struggle to see how a serious crack at using modern opus in claude code doesn't make it obvious at this point. I'd really recommend trying the "spike out a self-contained minimal version of this rearchitecture/migration and troubleshoot it iteratively until it works, then make a report on findings" use-case for anyone that hasn't had luck with them thus far and is serious about trying to reach conclusions based on direct experience.
> Claude Code was released for general use in May 2025. It's only March. Detractors of AI are often accused of moving the goalposts, but I think your comment is guilty of the same. Before Claude Code, we had Cursor, Github Copilot, and more. Each of these was purportedly revolutionizing software engineering. Further, the core claim for AI coding is that it lets you ship code 10x or 100x faster. So why do we need to wait years to see the result? Shouldn't there be an explosion in every type of software imaginable?
> Detractors of AI are often accused of moving the goalpost, but I think your comment is guilty of the same. Before Claude Code, we had Cursor, Github Copilot, and more. Each of these war purportedly revolutionizing software engineering. What's sauce for the goose is sauce for the gander. If you make that argument that 'I don't believe in kinks or discontinuities in code release due to AI, because so many AI coding systems have come out incrementally since 2020', then OP does provide strong evidence for an AI acceleration - the smooth exponential!
> There are no new and useful apps made with AI - apps that contribute to productivity of the economy as whole. This is flat-earther level. It's like an environmentalist saying that nothing made with fossil fuels contributes to productivity. But they don't say that because they know it's not true. There are so many valid gripes to have with LLMs, pick literally any of them. The idea that a single line of generated code can't possibly be productivity net positive is nonsensical. And if one line can, then so can many lines.
Just shown me a new killer app from the app store that is coded by AI and isn’t an AI app itself. Seems like the rest of the whole AI business, the only things going to the top are the AI tools themselves but not the things they are supposed to built.
> This is flat-earther level Ok, so do you have a counterexample?
Can you give me any new (i.e. released in 2026) app that does something useful? There's just not many good app ideas left after all..
Heh, I got a solid five seconds with the chart until the paywall popped up.
> Heh, I got a solid five seconds with the chart until the paywall popped up. Relevant! If the maximalist interpretation of AI capabilities were close to real, and if people tend to point their new super powers at their biggest pain points.. wouldn't it be a big blow for all things advertising / attention economy? "Create a driver or wrapper app that skips all ads on Youtube/Spotify" or "Make a browser plugin that de-emphasizes and unlinks all attention-grabbing references to pay-walled content". If we're supposed to be in awe of how AI can do anything, and we notice repeatedly that nope, it isn't really empowering users yet, then we may need to reconsider the premise.
And as we all know, the first 90% of writing an app takes the first 90% of the time, and the last 10% takes the other 90% of the time.
The 90-90 rule may need an update for a POST-LLM world "The first 90% of the code accounts for the first 9% of the development time. The remaining 10% of the code accounts for the other 9000% of the development time"
It is incredibly easy now to get an idea to the prototype stage, but making it production-ready still needs boring old software engineering skills. I know countless people who followed the "I'll vibe code my own business" trend, and a few of them did get pretty far, but ultimately not a single one actually launched. Anyone who has been doing this professionally will tell you that the "last step" is what takes the majority of time and effort.
> not a single one actually launched. I think this represents a fundamental misunderstanding of how these AI tools are used most effectively: not to write software but to directly solve the problem you were going to solve with software. I used to not understand this and agreed with the "where is all the shovelware" comments, but now I've realized the real shift is not from automating software creation, but replacing the need for it in the first place. It's clear that we're still awhile away from this being really understood and exploited. People are still confusingly building webapps that aren't necessary. Here's two, somewhat related, examples I've come across (I spend a lot of time on image/video generation in my free time): A web service that automatically creates "headshots" for you, and another that will automatically create TikTok videos for you. I have bespoke AI versions of both of these I built myself in an afternoon, running locally, creating content for prices that simply can't be matched by anyone trying to build a SaaS company out of these ideas. What people are thinking: "I know, I can use AI to build a SaaS startup the sells content!" But building a SaaS company still requires real software since it has to scale to multiple users and use cases. What more and more people are realizing is "I can created the content for basically free on my desktop, now I need to figure out how to leverage that content". I still haven't cracked the code for creating a rockstar TikTok channel, but it's not because I'm blocked on the content end. Similarly I'm starting to see that we're still not thinking about how to reorganize software teams to maximally exploit AI. Right now I see lots of engineers doing software the old way with an AI powered exo-skeleton. We know what this results in: massive PRs that clog up the whole process, and small bugs that creep up later. So long as we divide labor into hyper focused roles, this will persist. What I'm increasingly seeing is that to leverage AI properly we need to re-think how these roles actually work, since now one person can be much responsible for a much larger surface area rather than just doing one thing (arguably) faster.
> and a few of them did get pretty far, but ultimately not a single one actually launched. Having done this professionally for a very, very long time, software engineers aren't particularly good at launching products. Technology has drastically lowered the barriers to bring software products to customers, and AI is a continuation of that trend.
no I don't think with LLMs as the foundation we will ever have something that can build and launch something end to end. They just predict the next most likely token... no amount of clever orchestration can cover that up and make it into real intelligence.
Nice bait
Krita 5.3.0 and 6.0.0 Released (krita.org)
> Enjoy the completely new text feature: on canvas editing, full opentype support, text flowing into shapes. Thank you developers! Krita is otherwise great to use, but used to be horrible when working with text. Really looking forward to trying this out.
Jesus Christ finally. I'm not joking when I say that the old text tool wasn't simply bad, it was THE WORST text tool I ever used. If you had a dark theme and made the text black, you literally couldn't see the text you were editing! I believe the last feature Krita needs to become a decent design tool would be fixing the layer styles so you can add the same style multiple times to the same layer (and if possible better bevel and 3D text tools). An immense number of designs are not much more than multiple strokes or "slightly" 3D text. Multiple strokes can be done in Krita in a very complicated and impractical way (you can do it by adding the layer style to a group, but with too many strokes the rounding errors make the outer strokes "flat," so the "correct" way would be to add the largest stroke first and then use clones to add the inner strokes). Photopea (a free online editor) supports both of these. My opinion is that Krita has a tremendous amount of potential to serve a free and open source application for several niche use cases, but it's routinely held back by lacking "that one feature the user will need." Probably because everyone still thinks it's just an application for illustration and can't be used for image editing or design. Animation is probably the most obvious one. Krita has an entire curves-based timeline editor, but the integration is so poor that it can only be used to animate opacity and the simplest type of transforms (translate, rotate, scale). That's an incredible waste considering it has cage transform, perspective transform, etc. All the non-destructive filters already have the code to serialize their settings to XML and back, but somehow those settings can't be animated? The liquefy transform, by far the most powerful, can't be animated. If transform masks had opacity and you could animate that, even that could be extremely useful, but they don't so they can't be animated in general. Layer styles are another integration problem. Many users don't know they exist because they're hidden in the context menu. Krita already has filter masks. It doesn't even need a separate UI for layer styles, the styles could just be filters instead, then they would be able to get drag-n-dropped around and you could add multiple of the same to a single layer. Apparently this is because they want compatibility with Photoshop, but you could just convert Krita filter masks into Photoshop styles in the save step, so I don't really understand the problem. Naturally if the filter settings ever became animatable, that would mean layer styles would NOT be animatable in virtue of them not being filters, which would suck a lot. By the way, I haven't tested the new version yet but Krita ALREADY has a color overlay layer style. So it looks like they simply... duplicated a feature they already had? Also the UI looks very similar to Clip Studio Paint, but a key difference in CSP is that single-color layers use 8 bit pixels instead of full 32 bit RGBA. I'm afraid this UI I'm seeing in the video is going to mislead some users into creating dozens of 32 bit layers with color overlay for easy color management and then end up with much worse performance than they would have in similar software. It also seems the color overlay "mask" behaves in a way that is completely different from literally every other mask in the software. I guess I'll have to download it to know for sure.
Most of the transfors you describe are still unfortunately destructive (ie the only way to go back is to undo). I'm not an expert on this, but I think the only way this could be key framed would be to take snapshots of the pixels and insert the modified raster data as keyframes? I'm not sure there's a good/correct/obviously way to interpolate betweens say a before and after liquefy operation the way it currently works. Maybe some of them coul store brush+inputs (pressure, cursor movement, etc) but that seems difficult to work with as an artist. Again, not done much animation (as a dev or artist) so maybe I'm just out of the loop completely But yeah I agree with you in principle though, it would be nice if these were non-destructive and could be keyframed.
Nice! Two days after I installed 5.3.0-beta because I needed a feature that 5.2 didn't have. Now I can undo all the custom install again to get it from the AUR. (I have not yet succeeded in using that feature effectively.)
Aha an Arch Linux user
Missile Defense Is NP-Complete (smu160.github.io)
Yes, it's complicated. There's almost 1,000 generals and officers spread across the US military. They (and the tens of thousands of people directly supporting them) spend a lot of time on these things. Sometimes "draw the rest of the owl" makes sense when you've got 20,000 people actively drawing owls all day every day.
I'm generally sympathetic to the argument that there are a lot of experts doing expert things who know better about these things than some idiot sitting at his computer i.e. me. But in this particular case, we're in the middle of a war where the owl didn't get drawn and the enemy has successfully launched thousands of drones and missiles at our forces and our allies, causing enough damage to severely disrupt the world economy.
> If your million-dollar interceptor protects a multi-million-dollar building from a $100 missile, and then that building is hit by a second $100 missile, was it worth it? I mean the assumption is that if the first missile hit the building, the second missile would have been fired at something else, right? Still seems worth it at face value especially if there's enough time between the two missiles that there aren't people in the building anymore.
My assumption would be that the attacker builds missiles based on the defenses they want to defeat. If you have no defenses, maybe the defender builds 1,000 missiles. If you have 1,000 interceptors with 100% accuracy, then maybe the defender builds 2,000 missiles. This is why the superpowers mostly scrapped their ICBM defenses in the 70s. The technology worked fine. It's totally doable with 1970s technology if you're willing to put nuclear warheads on the interceptors. But for every ICBM interceptor you built, the other side could build another ICBM for the same cost or less. And you need more than one interceptor per ICBM since they can fail and the each interceptor only covers a small area. Add in multiple warheads on a single missile and decoys and suddenly you might need 10x or more. So the USA gave up on the idea of covering the entire country with interceptors, deployed a few interceptors to protect some missile silos, then shut it down after less than a year. The USSR built out a system to protect Moscow and only Moscow, which is still operational today. However, the British were able to maintain the ability to defeat that system and destroy Moscow with a single submarine, all on their own, never mind what the USA would throw at it. If you have a certain amount of stuff you can build and you're deciding what to do with that capacity, it's not at all clear that missile interceptors are a good use of that capacity even if you're protecting objects that cost orders of magnitude more than the interceptors cost. It works if you're defending against a far less capable adversary (Israel's Iron Dome against Hamas, USA's GBI system against North Korea) but not with an enemy that's even vaguely close to being a peer.
That's not what deterrence means. From google: the action of discouraging an action or event through instilling doubt or fear of the consequences. It's meant to avoid conflict altogether, say with China and Taiwan.
Iranian here, you're assuming sanity. That doesn't work when your opponents pray for death and see martyrdom as victory. This is genuinely how Shia extremists think. They have nothing to lose and will sacrifice everything and everyone for their cause. They don't care about Iran or Iranians or prosperity of the nation.
Oh, I thought this was going to be about the old trackball arcade game. Or perhaps it is? Same sort of rules? The maths is going so far over my head I can't hear the whoosh.
I expected that too, but it's about the inspiration for the game, I guess. I was trying to figure out how you encode computation in that.
Malicious litellm_init.pth in litellm 1.82.8 PyPI package – credential stealer (github.com/BerriAI)
I've been waiting for something like this to happen. It's just too easy to pull off. I've been hard-pinning all of my versions of dependencies and using older versions in any new projects I set up for a little while, because they've generally at least been around long enough to vet. But even that has its own set of risks (for example, what if I accidently pin a vulnerable version). Either that, or I fork everything, including all the deps, run LLMs over the codebase to vet everything. Even still though, we can't really trust any open-source software any more that has third party dependencies, because the chains can be so complex and long it's impossible to vet everything. It's just too easy to spam out open-source software now, which also means it's too easy to create thousands of infected repos with sophisticated and clever supply chain attacks planted deeply inside them. Ones that can be surfaced at any time, too. LLMs have compounded this risk 100x.
Checkout LLM Gateway: https://llmgateway.io Migration guide: https://llmgateway.io/migration/litellm
What is the best way to sandbox LLMs and packages in general, while being able to work on data from outside sandbox (get data in and out easily)? There is also the need for data sanitation, because the attacker could distribute compromised files through user’s data which will later be run and compromise the host.
Just wrote up a quick article on how greywall[0] prevents this attack: https://greyhaven.co/insights/how-greywall-prevents-every-stage-of-the-pypi-supply-chain-attack [0] https://greywall.io/
we're using litellm via helm charts with tags main-v1.81.12-stable.2 and main-v1.80.8-stable.1 - assuming they're safe? also how are we sure that docker images aren't affected?
Docker deployments are more safe even if affected because there is a lower chance (but not zero) that you didn't mount all your credentials into the image. It would have access to LLM keys of course, but that's not really what the hacker is after. He's after private SSH keys. That being said this hack was a direct upload to PyPI in the last few days, so very unlikely those images are affected.
This must be super stressful for you, but I do want to note your "I'm sorry for this." It's really human. It is so much better than, you know... "We regret any inconvenience and remain committed to recognising the importance of maintaining trust with our valued community and following the duration of the ongoing transient issue we will continue to drive alignment on a comprehensive remediation framework going forward." Kudos to you. Stressful times, but I hope it helps to know that people are reading this appreciating the response.
Lawyers are slowly eating humanity.
Dropped you a mail from mads.havmand@nansen.ai
Was nansen compromised? What about your customers funds?
69.3 isnt safe. The safe thing to do is remove all trivy access. or failing that version. 0.35 is the last and AFAIK only safe version. https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise
I have sent your message to the developer on github and they have changed the version to 0.35.0 ,so thanks. https://github.com/BerriAI/litellm/issues/24518#issuecomment-4120401246
We just can't trust dependencies and dev setups. I wanted to say "anymore" but we never could. Dev containers were never good enough, too clumsy and too little isolation. We need to start working in full sandboxes with defence in depth that have real guardrails and UIs like vm isolation + container primitives and allow lists, egress filters, seccomp, gvisor and more but with much better usability. Its the same requirements we have for agent runtimes, lets use this momentum to make our dev environments safer! In such an environment the container would crash, we see the violations, delete it and dont' have to worry about it. We should treat this as an everyday possibility not as an isolated security incident.
Sandboxes yes, but who even added the dependency? Half the projects I see have requirements.txt written by Copilot. AI says "add litellm", dev clicks accept, nobody even pins versions. Then we talk about containment like anyone actually looked at that dep list.
I agree in general, but how are you ever upgrading any of that? Could be a "sleeper compromise" that only activates sometime in the future. Open problem.
A sleeper compromise that cannot execute can still not reach its goal. Generally speaking outdated dependencies without known compromise in a sandbox are still better than the latest deps with or without sandbox.
My vibe coded personal projects don't have the source code available for attackers to target specifically.
You don't need open source access to be exploitable or exploited
[flagged]
Automated comments aren't allowed here. Please stop. https://news.ycombinator.com/newsguidelines.html#generated
This is tied to the TeamPCP activity over the last few weeks. I've been responding, and keeping an up to date timeline. I hope it might help folks catch up and contextualize this incident: https://ramimac.me/trivy-teampcp/#phase-09
This is interesting. How do you keep this up to date so quickly?
> i was lucky to see my processes before the system hard locked. how do you do that? have Activity Monitor up at all times?
Probably iStat menus or something similar
Besides main issue here, and the owners account being possibly compromised as well, there's like 170+ low quality spam comments in there. I would expect better spam detection system from GitHub. This is hardly acceptable.
Or they're just bots. This repository has 40k+ stars somehow.
↙ time adjusted for second-chance
Show HN: ProofShot – Give AI coding agents eyes to verify the UI they build (github.com/AmElmo)
VSCode and Antigravity already do this. What am I missing?
seems similar to a couple of simonw's recent tools? https://simonwillison.net/2026/Feb/10/showboat-and-rodney/
I built something like this for native application, so that I could get automated feedback loop for the agent instead of making screenshots manually etc. Problem I found is that AI agent understands nothing of the UI. If you tell it "Make buttons evenly spaced", sure it will space them evenly, but without care for the context they are placed in. You have to describe the image yourself and still you'll find it having hard time understanding what's going on. I very much abandoned the idea of AI driven UI development as it is not there yet. I tried with GPT 5.2. Maybe newer models have improved.
Nanobrew: The fastest macOS package manager compatible with brew (nanobrew.trilok.ai)
I naively assumed it would work on the already installed homebrew packages. No such luck. After installing, 'nb list' and thus eg. 'nb outdated' will yield the empty list! I have absolutely no use for a competing homebrew installation that is mostly compatible ..
What would be great is a Homebrew-compatible system that doesn't cut off support for older machines. I have a 3.8 GHz Quad core i5 iMac that still crushes, yet Homebrew has determined that I'm just too old and icky[1] to work with anymore. I had to move over to MacPorts, which is surprisingly nice, but I still miss brew. Yea, I know. It's open source. They can do what they want. Still sucks. 1: https://docs.brew.sh/Support-Tiers
Run Linux on it. Apple has cut that OS off anyway. Would be safer security wise to have an OS that's updated
I still think that's entirely fair for a power user tool like homebrew. With the upgrade rates of macOS that probably means that's 98% of the users would be covered. Expecting an open source project to accept bug requests from a bigger variety of versions that then would need test devices on these versions to replicate issues sounds unrealistic. Bigger companies, or Apple itself I would hold to much higher standards when it comes to that.
> power user tool like homebrew. That makes no sense then. A power user may still want to run older OS versions for a reason. Take the training wheels off it and then it'll be a power user tool.
brew used to say, more or less, "This OS is old and unsupported. Don't submit bug reports. If you have problems, too bad. If you submit a PR to fix something, we might merge it". Fair enough, right? Now it just says, "Go fuck yourself, grandpa."
Agreed on horses for courses. Different people have different tolerances. And yea, all things being equal, faster is better, but they are almost never equal. If you don’t mind me asking, what does “too slow” mean for you in this context? Do you have a particularly complex setup? And what do you use now as an alternative and how has that impacted the update speed?
I wish I could remember the details -- I know I got annoyed with things being slow and when I got a new computer decided to go the no-homebrew route. I'm using nix, and it seems fine so far, but I also really don't understand it at all, which is a little concerning. :-)
Makes no sense, the wording suggests it can use Homebrew's backend, not that it's a complete alternative to Homebrew. Nobody is confused about that.
The recipes for building and installing homebrew packages are written in Ruby You cannot really be compatible with this unless you run the Ruby as the install scripts could do whatever arbitrary computations In reality most recipes contain a simple declarative config but nothing stops you from doing Ruby in there. Hence to achieve total compatibility one would need to run Ruby
Wow they are finally getting away from Ruby? Awesome. The speed will be a nice boon
I would guess this change builds on the existing json endpoints for package metadata but that the Ruby DSL is remaining intact. I think how to marry the Ruby formulas and a Rust frontend is something the Homebrew devs can figure out and I'm interested to see where it goes, but I don't really care whether Ruby "goes away" from Homebrew in the end or not. It's a lovely language, so if they can keep it for their DSL but improve client performance I think that's great.
Yeah I don't know why people are saying that speed doesn't matter. I use Homebrew and it is slow. It's like yum vs apt in the Linux world. APT (C++) is fast and yum (Python) was slow. Both work fine, but yum would just add a few seconds, or a minute, of little frustrations multiple times a day. It adds up. They finally fixed it with dnf (C++) and now yum is deprecated. Glad to hear a Rust rewrite is coming to Homebrew soon.
yum was slow not because of python but because of the algorithm used to solve dependencies Anyway the python program would call into libsolv which is implemented in C. dnf5 is much faster but the authors of the program credit the algorithmic changes and not because it is written in C++ dnf < 5 was still performing similarly to yum (and it was also implemented in python)
One of the reasons I switched to arch from debian based distros was precisely how much faster pacman was compared to APT -- system updates shouldn't take over half an hour when I have a (multi)gigabit connection and an SSD. It was mostly precipitated by when containers came in and I was honestly shocked at how fast apk installs packages on alpine compared to my Ubuntu boxes (using apt)
pacman is faster simply because it does less things and it supports less use cases. For example pacman does not need to validate the system for partial upgrades because those are unsupported on Arch and if the system is borked then it’s yours to fix.
 Top