What are the most upvoted users of Hacker News commenting on? Powered by the /leaders top 50 and updated every thirty minutes. Made by @jamespotterdev.
If they're Protestant, that might be a point in its favor :)
> except for the temperature, which I assume is more or less the same as yesterday
I guess you live somewhere very, very different from me.
And I guess I just don't enjoy the surprise of shivering cold, or soaking sweat, when I choose the wrong jacket.
I just wonder when somebody is going to have an opinion on this subject they take seriously enough to write a blog post themselves.
Yeah that's the top contender at the moment. I think it's pretty good.
They had no reason to stop this until it became publicly embarrassing for them.
Can you expound on that? I'm not sure I get what you're implying.
What people mostly see is the illusion of productivity. But the measure should be outcomes, not the amount of stuff made. If a factory produces 10x the product but it is only 1/3rd the quality of what it was before that is long term unsustainable and leaves the door open for a competitor to attack them on quality.
This is the key driver behind all those 'enshittification' problems that we see. Quantity over quality is almost always a balance and not a binary, if you start treating it as if one should always trump at the expense of the other then sooner or later it will catch up with you.
There is another factor at play here: EU hosting providers that are not owned lock, stock & barrel are few and far between and Hetzner has a very nice sales representative in the White House.
All the best to them, however this feels like yah shaving instead of focusing into delivering a browser than can become an alternative to Safari/Chrome duopoly.
> Don’t underestimate the reach of billionaires with an ideological agenda.
Or the audience's need to have their wrong opinions validated.
Clearly you need one of the special commercial microwaves which has a -800W setting, to suck the heat out at a much higher rate.
Bit of googling suggests this is a whole, fascinating world of little improvements. However it's also both constrained and pushed forward by what's road legal.
https://www.volvotrucks.co.uk/en-gb/news/insights/articles/2... : removing mirrors allows for much smoother cab airflow
https://go2stream.com/blog/aerodynamic-truck-legislation-rea... : UK legalization of fishtail-like devices
https://www.kudauk.ltd.uk/aerodynamics-explained : Kuda on the UK allowing higher loads, and therefore benefiting from extra wedge devices on the top of the cab.
I'm sure there's a lot more out there. The eventual switch to electric will probably come with another round of aerodynamic improvements to maximise range, as with cars.
This is a valid observation. Capital breeds more capital and just like water seeks the lowest point capital will seek to enable those who are willing to bend or even break the rules. This is embodied in YC's application questionnaire in interesting ways, it is effectively capital testing for exactly those properties. I think 'ethical' should be made explicit in your list, and not lumped in with 'other'. Because that is one of the more important ones and it usually is also the first to be thrown out.
.. ah, yes, "completely unmoderated free speech system that supports images" does mean "may contain CSAM". Heck, even Instagram had a horrific "mirror world" incident where the moderation bit got flipped on a number of images which ordinary users were exposed to.
I wouldn't run any kind of publishing system for anons myself. It's potentially valuable for an actual social group though.
Yeah, it is as if there were never other compiled languages before to rewrite JavaScripting tooling.
> Fox News has been the #1 rated cable news network for over two decades.
Yeah, but cable news only displaced local and broadcast TV news as the main news source after 9/11, and already by 2010 had itself been displaced by online media. There was only a very brief moment in history where "the #1 rated cable news network" was really an indicator of being a mainstream news source.
This compiles to native binaries, as opposed to deno which is also in rust but is more an interpreter for sandboxed environments?
> Offering goods or services below the cost of their production is often illegal, though. It's called "dumping"
No.
Dumping is an international-trade term. It doesn’t even require pricing below cost, just aiming “to increase market share in a foreign market by driving out competition and thereby create a monopoly situation where the exporter will be able to unilaterally dictate price and quality of the product” [1].
Loss leaders are common in commerce and entirely legal, as are free trials. I struggle to think of a competent jurisdiction that bans them.
Any ATProto based replacements available?
Internet Archive has 2025-2026 in their possession, should make it into OpenLibrary eventually once scanned.
Pretty simple solution: all tech out of schools, back to paper.
There is value in being able to automate things, but there is far more value in being able to first to learn how to do stuff yourself.
I don't think Knuth needs to stoop that low. He actually knows what he's doing.
> Isn't the reason companies are doing this because they're offering tokens at a discount, provided they're spent through their tooling?
Then maybe they should charge for that instead of banning accounts?
Google decided on their own business plan without any guns to their backs. If they decide to create a plan that is subsidized that's entirely on them.
I don't know why people here can't accept the simple fact that AI companies are offering cheap "unlimited" plans as a loss leader to tie you to their ecosystem, and then make up for it via add-ons, upsells, ads etc. If you use those API tokens to access external services it defeats the purpose. The hack may have worked so far, mainly because no one was checking, but they are all going to tighten the access eventually (as Anthropic and Google have already done).
Either stick to first party products or pay for API use.
I don't understand why people keep giving Grokipedia this kind of oxygen. It's an utterly unserious project. Wikipedia, on the other hand, stands among the most important achievements in human knowledge of the last 100 years. It's like comparing a pillow fort to the Great Wall.
“To simplify greatly, the strategy of non-violence aims first to cause disruption (non-violently) in order both to draw attention but also in order to bait state overreaction. The state’s overreaction then becomes the ‘spectacular attack’ which broadcasts the movement’s message, while the group’s willingness to endure that overreaction without violence not only avoids alienating supporters, it heightens the contrast between the unjust state and the just movement.
That reaction maintains support for the movement, but at the same time disruption does not stop: the movements growing popularity enable new recruits to replace those arrested (just as with insurgent recruitment) rendering the state incapable of restoring order. The state’s supporters may grow to sympathize with the movement, but at the very least they grow impatient with the disruption, which as you will recall refuses to stop.
As support for state repression of the movement declines (because repression is not stopping the disruption) and the movement itself proves impossible to extinguish (because repression is recruiting for it), the only viable solution becomes giving the movement its demands.”
https://acoup.blog/2026/02/13/collections-against-the-state-...
My seven year old boy likes to spin in circles. I think he likes the stimulation from the inner ear fluid sloshing around. Dancing in a club seems similar.
Here is the thing, I still remember when there was no recording, what happens in the venue stays in the venue, or gets talked with others that shared the experience.
I don't agree with that. FreeBSD has more of an engineering than a hacking mentality and it shows in the various architectural choices.
And containers really are a VM-light, so you might as well use the real thing, in fact, VMWare for a long time thought that their images would be a container like thing and many larger installations used them as such.
> Treating DoS as affecting availability converts the issue into a "do I want to spend $X from a shakedown, or $Y to avoid being shaken down in the first place?"
But that is what security is in the real world anyway. Once you move past the imaginary realms of crypto and secure coding that some engineers daydream in, the ultimate reality is always about "do I want to spend $X dealing with consequences of ${specific kind of atack}, or $Y on trying to prevent it" - and the answer is to consider how much $X is likely to be, and how much it'll be reduced by spending $Y, and only spending while the $Y < reduction in $X.
It also doesn't help that "robust security" often is the problem in the first place.
People forget to ask the most important question: security for whom, and from what.
I was trying to formulate my argument to disagree with the "cost center" thinking in https://news.ycombinator.com/item?id=47107553, until I saw this comment. Now I feel that 'alephnerd might be right after all.
> (...) ops (...) a bunch of scripts to manage deployments.
Devops is prime example of work to be minimized and ultimately eliminated entirely by automation. Yes, it's a complex domain rich in challenges and there's both art and skill to do it right, but at the same time, it's also not the thing we want, just the thing we have to do to get the thing we want, because we can't yet do better.
USB-C can do up to 240W. These days I power all my devices with a USB hub, even my Lipo charger.
I guess the "eight megabytes and constantly swapping" meme is now lost given Electron.
VSCode isn't a regular Electron crap application, in fact Microsoft has dozens of out-of-process plugins written in C++, Rust and C# to work around Electron crap issues, also the in-editor terminal makes use of WebGL instead of div and p soup.
Sign project contracts with Eng. and find out when liability comes into play.
We managed during the last 20 years just fine.
> they are going to try to say that a “balance of payments” problem is a “payments problem”
"The balance of payments consists of two primary components: the current account and the...financial account" [1]. The current account is the trade deficit or surplus in goods and services. The financial account (a/k/a the capital account) tracks movement of money.
If you have a free-floating currency, your balance of payments is always zero. This is the principle advantage of a free-floating currency: your exchange rate adjusts to finance trade deficits and invest surpluses [2]. America does not have a balance of payments problem because America doesn't fix the price of a dollar.
The best the U.S. could argue for § 122 jurisdiction is that a trade deficit constittues a fundamental international payments problem. That is, of course, nonsense from an economics perspective. But I don't know how these terms have been used in U.S. trade law. (My strongest argument against the author's argument woudld be that the Congress passing statute that "no longer applied by the time the Trade Act was introduced" merits deeper scrutiny of Congressional intent.)
[1] https://en.wikipedia.org/wiki/Balance_of_payments
[2] https://fraser.stlouisfed.org/files/docs/meltzer/fribal67.pd...
Somebody should measure keyboard/mouse lag for various web site/browser/operating system combinations. That would be useful. There's probably a startup in doing that as a metric.
This would be easier to do now that LLMs can learn to navigate web sites. Less custom code.
Also useful - measure it for point of sale systems.
Is there a good book on “the three pillars of modern Iranian philosophy” that could serve as an overview to someone unfamiliar?
> it would be utterly foolish to exclude the vast amounts of data collected by government agencies
Never suggested this. You use the government data. And you supplement with specialist sources. If you’re near any avalanche areas, for example, your snow forecasts typically have an additional layer of resolution available if you know where to look.
It’s building pyramids all over again.
No, the whole point of these systems is that you can trust them even if their servers are compromised. If you exclude that possibility from your threat model, you might as well not bother encrypting at all; just send your passwords to the server in an HTTPS POST.
We've had a few dud booms in the last fifteen years. 3D TV. VR. Metaverse. Electric cars in the US. They all worked technically, but just didn't catch on.
I've been developing one of these in the past few days, and this is like saying "this is a great example of how silly the whole thing is, there's next to nothing to cars" because you saw a piece of plywood with four gaskets nailed to it.
If you want a personal assistant to work well, there's a whole lot to it.
And you don’t think short term profit chasing has a death count?
It's the attention mechanism at work, along with a fair bit of Internet one-up-manship. The LLM has ingested all of the text on the Internet, as well as Github code repositories, pull requests, StackOverflow posts, code reviews, mailing lists, etc. In a number of those content sources, there will be people saying "Actually, if you go into the details of..." or "If you look at the intricacies of the problem" or "If you understood the problem deeply" followed by a very deep, expert-level explication of exactly what you should've done differently. You want the model to use the code in the correction, not the one in the original StackOverflow question.
Same reason that "Pretend you are an MIT professor" or "You are a leading Python expert" or similar works in prompts. It tells the model to pay attention to the part of the corpus that has those terms, weighting them more highly than all the other programming samples that it's run across.
What conclusion? This is the Always Sunny corkboard.
It matters a lot. For instance, many compilers will put time stamps in their output streams. This can mess up the downstream if your goal is a bit-by-bit identical piece of output across multiple environments.
And that's just one really low hanging fruit type of example, there are many more for instance selecting a different optimization path when memory pressure is high and so on.
https://wccftech.com/apple-eyeing-a-partnership-with-chinese...
Apple has planned to explore cooperation with Chinese memory chip manufacturers Yangtze Storage (YMTC) and Changxin Storage (CXMT) to strive for more favorable supply contracts [from the big three]You only see Mirais within spitting distance of the one place where they can tank. The network just isn't developed to the point that owning one of these makes any sense at all.
This is an interesting area for experiments. I suspect that in the longer term model optimization (knowing which bits you can leave out without affecting the functioning of the model) will become the dominant area of research just like it did with compression algorithms because effectively a model is a lossy compression scheme.
And that's good because that increases democratization of AI away from the silos that are being created.
Please don't be knee-jerk dismissive of posts. Absolute nothing about this article looks "LLM-generated style" to me.
You don't give the agent the password, you send the password through a method that bypasses the agent.
I'm writing my own AI helper (like OpenClaw, but secure), and I've used these principles to lock things down. For example, when installing plugins, you can write the configuration yourself on a webpage that the AI agent can't access, so it never sees the secrets.
Of course, you can also just tell the LLM the secrets, and it will configure the plugin, but there's a way for security-conscious people to achieve the same thing. The agent can also not edit plugins, to avoid things like circumventing limits.
If anyone wants to try it out, I'd appreciate feedback:
"Yeah our team wrote it but everyone who built that part of it has moved to different teams or companies since."
> the place hydrogen might work is airplanes where the energy density of batteries doesn't work.
How is that going to work? Cryogenic liquid hydrogen? High pressure tanks? Those don't seem practical for an airplane.
What does work for airplanes is to use carbon atoms that hydrogen atoms can attach to. Then, it becomes a liquid that can easily be stored at room temperature in lightweight tanks. Very high energy density, and energy per weight!
(I think it's called kerosene.)
No, what an asinine construction.
What has changed the city's culture is money. As mentioned in the article, virtually every billboard and advertising surface downtown is for some SAAS or B2B company. Every startup that gets capitalized dumps a load of money into saturation advertising making itself look like the new hotness, and the corresponding rise in advertising prices means nothing is advertised but tech and ways to make money with tech. A lot of the adverts even look the same.
That's not the product of migrants. SF is turning into a ghost town because the entire downtown area increasingly feels like the inside of a conference center. There isn't anything fun to do or places to go besides work, nothing that might appeal to youth, nothing that isn't business focused. Can you imagine being a teenager in SF? You go to the middle of town and every advert is just an elevator pitch for HR services or devops or model training, and most of the them aren't even visually interesting to look at. Entire subway stations are taken over with adverts touting how agentic or accelerant some new brand is. It's boring. A Japanese acquaintance of mine who visited SF recently asked 'don't people here think about anything but work?'
How you ended up blaming this humanity-free environment on 'too many migrants' is beyond me.
“What are you optimizing for, materially and emotionally?” Status? Validation? Material comfort?
Many can provide advice on what to chase and optimize for, only you can decide for you.
Have you checked out https://svix.com? No affiliation, I just like the product. Might also check out https://www.standardwebhooks.com/
>And at every layer except for maybe the PLC directory, there's nothing stopping anyone from fixing that “almost nobody does” problem.
If there's nothing stopping anyone from fixing a problem, and yet nobody fixes it, then there's something is stopping them.
Might not be a technical impossibility, or a gun in their head. Could be as simple as inertia or addiction.
But saying "the problem is totally solvable" just because there's a solution available, is pretty naive. Solutions have costs themselves, and not all are created equal or equally feasible.
Most however are surely capable of understanding a simple metaphor, in which "magic" in the context of coding means "behavior occuring implicitly/as a black box".
Yes, it's not magic as in Merlin or Penn and Teller. But it is magic in the aforementioned sense, which is also what people complain about.
I don't know what that means, because a polygraph by design tells the polygrapher whatever they want it to.
I went through national-security polygraph exams twice, and they were no big deal. Filling out SF-86 (which used to start "List all residences from birth"), now that's a hassle.
In my aerospace company days, almost everything I did was unclassified, but I was put through the mill of getting higher level security clearances so I could be assigned to classified projects. Fortunately, I never was.
It's technically possible to use 2FA (e.g. TOTP) on the same device as the agent, if appropriate in your threat model.
In the scenario you describe, 2FA is enforcing a human-in-the-loop test at organizational boundaries. Removing that test will need an even stronger mechanism to determine when a human is needed within the execution loop, e.g. when making persistent changes or spending money, rather than copying non-restricted data from A to B.
It's very easy to create hydrogen from fossil natural gas. Which is the real motivation behind 99% of H2 projects; continue to emit CO2, just hidden from the end user.
Battery electric is now pretty much inevitable.
> If an LLM is a product, and it contains the work (in this case can spit out Harry Potter) it is derivative. Doesn't matter what it's used for.
That's not the definition of a derivative work in copyright law; further, whether what legally qualifies as a derivative work is within the scope of the exclusive rights of the copyright holder is, in the US, subject to whether it is within one of the exceptions to exclusive rights in the law, notably the fair use exception, which very much does depend on, among other things, what it is used for.
This is what always confused me about VC AI enthusiasm. Their moat is the capital. As AI improves, it destroys their moat. And yet, they are stoked to invest in it, the architects of their own demise.
They coasted on momentum for half a year. I don't even think it says anything negative about the current CTO, but more of what an exception JGC is relative to what is normal. A CTO leaving would never show up the next day in the stats, the position is strategic after all. But you'd expect to see the effect after a while, 6 months is longer than I would have expected, but short enough that cause and effect are undeniable.
Even so, it is a strong reminder not to rely on any one vendor for critical stuff, in case that wasn't clear enough yet.
That's nearly all of them (graduates)
>The blog ends there. No sign-off, no “thanks for reading.” Just a few sentences in a language that most of us lost the ability to follow somewhere around the thirteenth century.
Fucking AI slop, even this
I have had to interpret between an Ulsterman and a South African, who were both speaking English. I think those accents have vowel shifted in opposite directions.
I was also taught a bit of Chaucer (died 1400) in English at school. Although not any of the naughty bits.
Yeah, and if you give another human access to all your private information and accounts, they need lots of supervision, too; history is replete with examples demonstrating this.
>It doesn’t make any sense in 2026 that Gmail doesn’t have a dark mode
I've been using dark mode on gmail for years, not sure what OP is talking about here.
But also, my sleep quality got much better when I turned on f.lux. And it got better still when I added a second light to my bathroom that can do a 1800K super-warm light (that's also very dim).
And as an added pro-tip, I use f.lux during the day to cut my color temp to 5900K (instead of the default 6500K) and it made a huge difference for how long I could work without getting tired eyes.
If Apple wanted to win back some serous credibility in the AI field there are two very low hanging fruit that they could use:
- Announce that they are no longer going to deprecate sandbox-exec and instead publish detailed documentation for it
- Add a reliable "select all" option to the iOS copy/paste menu
SAML is bad semantically too, not just because of XML. SAML is arguably the worst cryptographic standard ever created.
I first encountered djb's work back in the 90's with qmail and djbdns, where he took a very different and compartmentalized approach to the more common monolithic tooling for running email and DNS. I'd even opine that the structure of these programs are direct ancestors to modern microservice architectures, except using unix stdio and other unix isolation mechanisms.
He's definitely opinionated, and I can understand people being annoyed with someone who is vociferous in their disagreement and questioning the motives of others, but given the occasional bad faith and subversion we see by large organizations in the cryptography space, it's nice to have someone hypervigilant in that area.
I generally think that if djb thinks something is OK in terms of cryptograpy, it's passed a very high analytical bar.
I started backing in because it was recommended in a defensive driving class I took in 2010 or so.
The wild thing is Republicans would probably keep the House if Miller et al let the illegal tariffs expire. The tax cut would probably even give the Fed room to cut rates. Not sure who in the White House is most directly pushing for these. But they're clearly hurting both America and Trump.
This reads very LLM-y, misses huge chunks of the story (multiple paragraphs on "clamping" and static ECDH, a single line on Ristretto and nothing on signature schemes, which is where that matters), has a breathless tone about Chapoly and Nacl that is totally unwarranted, misses almost all the NIST PQC drama, most of which was not in fact about hybrid cryptography, and in the end doesn't offer any analysis, just this bad re-telling.
My guess is someone had this generated as part of some dumb pressure campaign. It's weird.
(It's funny that people are chiming in to call this a "hit piece"; if anything, it's twisting itself into pretzels to be charitable to Bernstein's IETF involvement. I assume whoever generated it supports him.)
I'm currently planning to avoid sponsorship from companies that I regularly write about for that reason.
I don't, which is why I'm not running OpenClaw on the live internet right now. See also Andrej's original tweet.
> If there is no real penalty for being a career criminal, people will continue to be career criminals.
I know this is a wild idea, but what if they had better options than career criminal for a living?
Americans are so invested in the penalties they can’t imagine the incentives approach.
> It's all just a sprawling behemoth of a framework, because it tries to do everything.
I also interact with OAuth quite a bit at work. I also have dealt with SAML.
I'd pick OAuth over SAML any day of the week, and not just because OAuth (v2 at least) is 7 years younger.
It's also because OAuth, for all its sprawl, lets you pick and choose different pieces to focus on, and has evolved over time. The overall framework tries to meet everyone's needs, but accomplishes this via different specs/RFCs.
SAML, on the other hand, is an 800 page behemoth spec frozen in time. It tried to be everything to everyone using the tools available at the time (XML, for one). Even though the spec isn't evolving (and the WG is shut down) it's never going to go away--it's too embedded as a solution for so many existing systems.
I also don't know what could replace OAuth. I looked at GNAP but haven't seen anything else comparable to OAuth.
Yeah but what you just said is "I don't want to run Android", which, sure, you can do.
I was worried about the security risk of running it on my infrastructure, so I made my own:
https://github.com/skorokithakis/stavrobot
At least I can run this whenever, and it's all entirely sandboxed, with an architecture that still means I get the features. I even have some security tradeoffs like "you can ask the bot to configure plugin secrets for convenience, or you can do it yourself so it can never see them".
You're not going to be able to prevent the bot from exfiltrating stuff, but at least you can make sure it can't mess with its permissions and give itself more privileges.
> And the cohort most likely to vote well when they do
Eh, this is far from a given. Mao's Red Guards were passionate idiots. And America's young men are in thrall of Clavicular.
The most powerful empires in history have had large rebublics at their cores for good reason. The wisdom of a crowd greatly increases with its diversity.
> I'm not convinced that there is a point in attempting explaining it
That encapsulates my point.
I’ve worked on various pieces of legislation. All privately. A few made it into state and federal law. Broadly speaking, the ones that make it are the ones for which you can’t get their supporters to stop calling in on.
Privacy issues are notoriously shit at getting people to call their electeds on. The exception is when you can find traction outside tech, or if the target is directly a tech company.
> I don’t have a better one at hand
Perfect is the enemy of good. Claw is good enough. And perhaps there is utility to neologisms being silly. It conveys that the namespace is vacant.
I used to have a LinkedIn account, a long time ago. To register I created an email address that was unique to LinkedIn, and pretty much unguessable ... certainly not amenable to a dictionary attack.
I ended up deciding that I was getting no value from the account, and I heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data. But absolutely I will not trust them with anything I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold it.
gForth [0] is great for getting started
if you are working with specific hardware (e.g. microcontrollers) it depends on which forth dialects are available but for the raspberry pico and pico 2 I recently found zeptoforth [1]
or you know you can always bootstrap your own :)
[0] https://gforth.org [1] https://github.com/tabemann/zeptoforth
It's 5am in New York, not even the most dedicated anti EU Americans are up yet.
We go back to the demoscene days, being creative with what we have instead of shipping Electron junk.