> I disagree with other posts here, it is partially a balance between security and usability.
And economics. Many people here are blaming incompetent security teams and app developers, but a lot of seemingly dumb security policies are due to insurers. If an insurer says "we're going to jack up premiums by 20% unless you force employees to change their password once every 90 days", you can argue till you're blue in the face that it's bad practice, NIST changed its policy to recommend not regularly rotating passwords over a decade ago, etc., and be totally correct... but they're still going to jack up premiums if you don't do it. So you dejectedly sigh, implement a password expiration policy, and listen to grumbling employees who call you incompetent.
It's been a while since I've been through a process like this, but given how infamous log4shell became, it wouldn't surprise me if insurers are now also making it mandatory that common "hacking strings" like /etc/hosts, /etc/passwd, jndi:, and friends must be rejected by servers.
Mark Zuckerburg's superpower is being like Jack Sparrow at the beginning of Pirates of the Caribbean: he steps off one boat just as it's sinking onto another, and he has the humility to not really give a damn which ship he's on. (I say "humility" even as someone frustrated by his net impact on society.)
I think on the How I Built This Instagram episode the Instagram founder said that Zuck was basically reading the data from Facebook's interactions and saw that the demographics and sharing tendencies of Facebook users meant that it was in a death spiral: people were moving interactions to private channels, reducing the available "friend" content. IMO, the causal factor here is that people became wary of public oversharing and the result was FB pivoting away from "social network" (OG Facebook) to "social media" (2010-2015 FB) and eventually just "media" (Instagram, Reels).
Looking back at what I posted on FB in 2008-2012 is like observing an alien from another planet: it was a completely different platform.
US officials and businessmen keep on repeating the same thing:
> The European Commission is attempting to handicap successful American businesses while allowing Chinese and European companies to operate under different standards.
But this is wildly untrue. The EU isn't hand-picking individual organisations and fining them because they're American, they're fining them because they're in breach of existing legislation. The same legislation applies to local companies.
Ironically, it's the US who takes stances like the one they claim the EU is taken. E.g.: The US required that TikTok be sold, without actually proving that TikTok was in breach of any actual law.
But repeating the same claims gets those claims out into the media, and that's what people hear. So we see a dissonance between what the media says (and many people believe) and what's really happening.
Most interesting for Australia and generally society is the fact that a judge has to associate the behavior of collecting different materials from the periodic table with mental health issues in order to not ridicule the current laws.
Reminds me of an anecdote about an e-commerce platform: someone coded a leaky webshop, so their workaround was to watch if the string "OutOfMemoryException" shows up in the logs, and then restart the app.
Another developer in the team decided they wanted to log what customers searched for, so if someone typed in "OutOfMemoryException" in the search bar...
I’ve noticed my kid (12) primarily uses group chats over social apps. Some of his chats have several dozen kids in them. It could be social media got so bad that the protocols became the best alternative. An old programmer like me sees a glimmer of hope in a sea of noise.
I’m only part of the way through the book, so have nothing to spoil here. But it’s entertaining. And shocking. The author will relate a scene that’s so absurd that you think “ah, this can’t be true, this is made up for dramatic effect, nobody would act like that” and then you Google it and you realize the absurd thing is totally true and was fully documented at the time. All the author is adding is a perspective from the inside.
I understand why Facebook people might have wanted the book to go away. That their attempt to do so comically backfired and resulted in entirely the opposite effect, well, that’s also pretty much what you’d expect from this crew after reading the book.
I think gemma-3-27b-it-qat-4bit is my new favorite local model - or at least it's right up there with Mistral Small 3.1 24B.
I've been trying it on an M2 64GB via both Ollama and MLX. It's very, very good, and it only uses ~22Gb (via Ollama) or ~15GB (MLX) leaving plenty of memory for running other apps.
Last night I had it write me a complete plugin for my LLM tool like this:
llm install llm-mlx
llm mlx download-model mlx-community/gemma-3-27b-it-qat-4bit
llm -m mlx-community/gemma-3-27b-it-qat-4bit \
-f https://raw.githubusercontent.com/simonw/llm-hacker-news/refs/heads/main/llm_hacker_news.py \
-f https://raw.githubusercontent.com/simonw/tools/refs/heads/main/github-issue-to-markdown.html \
-s 'Write a new fragments plugin in Python that registers
issue:org/repo/123 which fetches that issue
number from the specified github repo and uses the same
markdown logic as the HTML page to turn that into a
fragment'
This works against _the LLM proper,_ but not against chat applications with integrated search. For ChatGPT, you can write, "Without looking it up, tell me about the Marathon crater."
This tests self awareness. A two-year-old will answer it correctly, as will the dumbest person you know. The correct answer is "I don't know".
This works because:
1. Training sets consist of knowledge we have, and not of knowledge we don't have.
2. Commitment bias. Complaint chat models will be trained to start with "Certainly! The Marathon Crater is a geological formation", or something like that, and from there, the next most probable tokens are going to be "in Greece", "on Mars" or whatever. At this point, all tokens that are probable are also incorrect.
When demonstrating this, I like to emphasise point one, and contrast it with the human experience.
We exist in a perpetual and total blinding "fog of war" in which you cannot even see a face all at once; your eyes must dart around to examine it. Human experience is structured around _acquiring_ and _forgoing_ information, rather than _having_ information.
This article reminds me of this excellent tongue-in-cheek piece of writing by Jonathan Zeller in McSweeney's:
Calm Down—Your Phone Isn’t Listening to Your Conversations. It’s Just Tracking Everything You Type, Every App You Use, Every Website You Visit, and Everywhere You Go in the Physical World
I'd say it's better to call it a unit of counting.
If I have a bin of apples, and I say it's 5 apples wide, and 4 apples tall, then you'd say I have 20 apples, not 20 apples squared.
It's common to specify a length by a count of items passed along that length. Eg, a city block is a ~square on the ground bounded by roads. Yet if you're traveling in a city, you might say "I walked 5 blocks." This is a linguistic shortcut, skipping implied information. If you're trying to talk about both in a unclear context, additional words to clarify are required to sufficiently convey the information, that's just how language words.
Martin was also at the coup attempt on Jan 6 and on that day said "Like Mardi Gras in DC today: love, faith and joy. Ignore #FakeNews". https://archive.ph/jekzQ
To be clear, I'm don't like the Microsoft has a proprietary Marketplace, but a company openly violating the terms of use for their own profit is a bit much in my opinion.
> Cursor allegedly has been flouting Microsoft terms-of-service rules for some time now by setting up a reverse proxy to mask its network requests to the endpoints used by the Microsoft Visual Studio Marketplace. This allows Cursor users to install VS Code extensions from Microsoft's market. Other VS Code forks tend to point to Open VSX, an alternative extension marketplace.
this part of the whistleblower complaint seem way worse:
"
On or about March 11, 2025, NxGen metrics indicated abnormal usage at points the prior
week. I saw way above baseline response times, and resource utilization showed increased
network output above anywhere it had been historically – as far back as I could look. I noted that
this lined up closely with the data out event. I also notice increased logins blocked by access
policy due to those log-ins being out of the country. For example: In the days after DOGE
accessed NLRB’s systems, we noticed a user with an IP address in Primorskiy Krai, Russia
started trying to log in. Those attempts were blocked, but they were especially alarming.
Whoever was attempting to log in was using one of the newly created accounts that were used in
the other DOGE related activities and it appeared they had the correct username and password
due to the authentication flow only stopping them due to our no-out-of-country logins policy
activating. There were more than 20 such attempts, and what is particularly concerning is that
many of these login attempts occurred within 15 minutes of the accounts being created by DOGE
engineers.
"
One thing I'd suggest, for any hardware product, is that when doing your bill of materials to provide links and show estimated costs. Sure, these will change but having a rough idea of the costs is really helpful, especially when perusing on from things like HN. It can be a big difference for someone to decide if they want to try it on their own or not. It is the ballpark figures that matter, not the specifics.
You did all that research, write it down. If for no one but yourself! Providing links is highly helpful because names can be funky and helps people (including your future self) know if this is the same thing or not. It's always noisy, but these things reduce noise. Importantly, they take no time while you're doing the project (you literally bought the parts, so you have the link and the price). It saves yourself a lot of hassle, not just for others. Document because no one remembers anything after a few days or weeks. It takes 10 seconds to write it down and 30 minutes to do the thing all over again, so be lazy and document. I think this is one of the biggest lessons I learned when I started as an engineer. You save yourself so much time. You just got to fight that dumb part in your head that is trying to convince you that it doesn't save time. (Same with documenting code[0])
Here. I did a quick "15 minute" look. May not be accurate
Lidar:
One of:
LD06: $80 https://www.aliexpress.us/item/3256803352905216.html
LD19: $70 https://www.amazon.com/DTOF-D300-Distance-Obstacle-Education/dp/B0B1V8D36H
STL27L: $160 https://www.dfrobot.com/product-2726.html
Camera and Lens: $60 https://www.amazon.com/Arducam-Raspberry-Camera-Distortion-Compatible/dp/B0B1MN721K
Raspberry Pi 4: $50
NEMA17 42-23 stepper: $10 https://www.amazon.com/SIMAX3D-Nema17-Stepper-Motor/dp/B0CQLFNSMJ
That gives us $200-$280 before counting the power supply and buck converter.
[0] When I wrote the code only me and god understood what was going on. But as time marched on, now only god knows.
I’ve released some utility libraries under permissive libraries. I like it when they get used. Even when it’s part of a large company’s closed-source app. Many people don’t like that, and that’s perfectly fine, that’s why there are different choices available.
What I’ll never understand is people who release their project with a permissive license and then get upset when a big company distributes their own version of the project in accordance with the license. If you don’t want that sort of appropriation then you need to pick a license that doesn’t allow it.
Some people love programming, for the sake of programming itself. They love the CS theory, they love the tooling, they love most everything about it.
Other people see all that as an means to an end - and find no joy from the technical aspect of creating something. They're more interested in the end result / product, rather than the process itself.
I think that if you're in group A, it can be difficult to understand group B. In vice versa.
I'm a musician, so I love everything about creating music. From the theory, to the mastery of the instrument, the tens of thousands of hours I've poured into it...finally being able to play something I never thought I'd be able to, just by sheer willpower and practice. Coming up with melodies that feel something to me, or I can relate to something.
On the other hand, I know people that want to jump straight to the end result. They have some melody or idea in their head, and they just want to generate some song that revolves around that idea.
I don't really look down on those people, even though the snobs might argue that they're not "real musicians". I don't understand them, but that's not really something I have to understand either.
So I think there are a lot of devs these days, that have been honing their skills and love for the craft for years, that don't understand why people just want things to be generated, with no effort.
The Venn diagram of people who make book purchasing decisions based on “Independent Bookstore Day” and people who choose Amazon because a book is a couple dollars cheaper on a given day has to be two completely separate circles.
All carbon tax is inherently regressive but that's also trivially fixable. Make it revenue neutral and give every citizen a flat portion of the total collected revenue. Bam, it is now progressive, since on average richer people will spend more on fuel (and therefore the tax) even though it is likely a much smaller percentage of their spending.
Every single one of your ideas has problems that are solved by a carbon tax. Taxes are simple, they accomplish what you want, and they don't have loopholes. A carbon tax will _never_ have the unintended consequence of making emissions worse. Many of our current regulations, including the one I was responding to do exactly that because they actually cause people to buy larger trucks than they otherwise would with worse fuel efficiency.
A carbon tax might not on it's own be enough to solve the problem (especially if you set it to low), but no matter what level you set it, it will help. Thanks to unintended consequences, many of our current regulations are actively counter productive, while _also_ having negative economic and other costs.
Thanks for the shout out. I am the CEO of Vivifi medical. We are building off the gat and Goren’s work and making it better and more robust. More importantly making it more accessible to patients through urologists.
Our early clinical trial data from Panama is looking highly encouraging and we are working hard to bring this to the market in the fastest manner possible.
I could not agree more with this. 90% of AI features feel tacked on and useless and that’s before you get to the price. Some of the services out here are wanting to charge 50% to 100% more for their sass just to enable “AI features”.
I’m actually having a really hard time thinking of an AI feature other than coding AI feature that I actually enjoy. Copilot/Aider/Claude Code are awesome but I’m struggling to think of another tool I use where LLMs have improved it. Auto completing a sentence for the next word in Gmail/iMessage is one example, but that existed before LLMs.
I have not once used the features in Gmail to rewrite my email to sound more professional or anything like that. If I need help writing an email, I’m going to do that using Claude or ChatGPT directly before I even open Gmail.
For me, Amazon is a prime example of this. The search is so abysmal, it shows me wrong results intermixed with the thing i am searching for - why? In the hope that i see something that interests me.
I've bought two wrong things accidentally on Amazon as a result: After searching for a surge protector, i bought a power strip that lacked a surge protector because it was among the search results and i didn't notice it.
And after searching for neoprene shorts i accidentally bought shorts that weren't made of neoprene because they also appeared among the results.
Also when searching for shoes in my size, i see prices for the shoes in other sizes. It's hilariously bad.
As a result, i avoid shopping on Amazon.
Shoutout to sites like geizhals.at that will let me filter by dozens of attributes per category to find the perfect product.
Hey, so I built this thing, most of it at so far at least. And yeah, right now it isn't doing many things better than Homebrew.
Setting of relative paths for bottle installs is still not perfect, well it works for every bottle I have tested except rust. Getting bottles working 100% is very doable though imo.
Build from source formulae is still pretty f*ed + I do not know if it is really feasible given that the json API lacks information there and a full on Ruby -> Rust transpiler is way out of scope. Will probably settle for automatic build system detection based on archive structure there. + Maybe do my own version of the .rb scripts but in a more general machine readable format, not .rs lol
Casks seem to work but I have only tested some .dmg -> .app ones and .pkg installers so far though. As with bottles 100% doable.
Given that almost all formulae are available as bottles for modern ARM mac this could become a fully featured package manager. Actually didn't think so many people would look at it, started building it for myself because Homebrew just isn't cutting it for what I want.
Started working on a declarative package + system manager for mac because I feel ansible is overkill for one machine and not really made for that and nix-darwin worms itself into the system so deep. Wrapping Brew commands was abysmally slow though so I started working on this and by now I am deep enough in I won't stop xD
Anyway I am grateful for every bug report, Issue and well meaning pull request.
When this was up yesterday I complained that the refusal rate was super high especially on government and military shaped tasks, and that this would only push contractors to use CN-developed open source models for work that could then be compromised.
Today I'm discovering there is a tier of API access with virtually no content moderation available to companies working in that space. I have no idea how to go about requesting that tier of access, but have spoken to 4 different defense contractors in the last day who seem to already be using it.
When context changes, so do the prospects of these ideas.
Youtube wasn't the first video streaming service but it was one of the first for the DSL era when people could watch video without lengthy waits.
AI companies repeatedly failed until enough things, specifically data and compute were at enough scale to deliver.
Advancements in battery technology made electric cars practical bucking the trend of decades of failed EV car companies.
So many things - contactless payment, touchscreens, even LCD panels, these were lousy and impractical for decades.
Attempts at mass adoption of handheld computers, now called smartphones, started in the 1980s. Without high speed mobile networks, high density color LCD screens, reliable geolocation, these things were necessary to make the handheld pocket computer something that everybody has.
Even online grocery delivery services, now common place, had its start in the catastrophic collapse of WebVan in the 1990s. Cell phones, the gig economy, mature e-payments, these were all needed.
You always need to look for the context change and how that can untar some tarpits.
This all reminds me a lot of the early 2000's, when big corporations thought they could save a lot of money by outsourcing development work to low-income countries and have their expensive in-house engineers only write specifications. Turns out most of those outsourcing parties won't truly understand the core ideas behind the system you're trying to build, won't think outside the box and make corrections where necessary, and will just build the thing exactly as written in the spec. The result being that to get the end product you want, the spec needs to be so finely detailed and refined that by the time you get both specification and implementation to the desired quality level, it would have been the same amount of effort (and probably less time and frustration) to just build the system in-house.
Of course outsourcing software development hasn't gone away, but it hasn't become anywhere near as prevalent and dominant as its proponents would've had you believe. I see the same happening with AI coding - it has its place, certainly for prototyping and quick-and-dirty solutions - but it cannot and will not truly replace human understanding, ingenuity, creativity and insight.
