What are the most upvoted users of Hacker News commenting on? Powered by the /leaders top 50 and updated every thirty minutes. Made by @jamespotterdev.
My seven year old boy likes to spin in circles. I think he likes the stimulation from the inner ear fluid sloshing around. Dancing in a club seems similar.
Here is the thing, I still remember when there was no recording, what happens in the venue stays in the venue, or gets talked with others that shared the experience.
I don't agree with that. FreeBSD has more of an engineering than a hacking mentality and it shows in the various architectural choices.
And containers really are a VM-light, so you might as well use the real thing, in fact, VMWare for a long time thought that their images would be a container like thing and many larger installations used them as such.
> Treating DoS as affecting availability converts the issue into a "do I want to spend $X from a shakedown, or $Y to avoid being shaken down in the first place?"
But that is what security is in the real world anyway. Once you move past the imaginary realms of crypto and secure coding that some engineers daydream in, the ultimate reality is always about "do I want to spend $X dealing with consequences of ${specific kind of attack}, or $Y on trying to prevent it" - and the answer is to consider how much $X is likely to be, and how much it'll be reduced by spending $Y, and only spending while the $Y < reduction in $X.
It also doesn't help that "robust security" often is the problem in the first place.
People forget to ask the most important question: security for whom, and from what.
I was trying to formulate my argument to disagree with the "cost center" thinking in https://news.ycombinator.com/item?id=47107553, until I saw this comment. Now I feel that 'alephnerd might be right after all.
> (...) ops (...) a bunch of scripts to manage deployments.
Devops is a prime example of work to be minimized and ultimately eliminated entirely by automation. Yes, it's a complex domain rich in challenges and there's both art and skill to do it right, but at the same time, it's also not the thing we want, just the thing we have to do to get the thing we want, because we can't yet do better.
USB-C can do up to 240W. These days I power all my devices with a USB hub, even my Lipo charger.
I guess the "eight megabytes and constantly swapping" meme is now lost given Electron.
VSCode isn't a regular Electron crap application, in fact Microsoft has dozens of out-of-process plugins written in C++, Rust and C# to work around Electron crap issues, also the in-editor terminal makes use of WebGL instead of div and p soup.
> they are going to try to say that a “balance of payments” problem is a “payments problem”
"The balance of payments consists of two primary components: the current account and the...financial account" [1]. The current account is the trade deficit or surplus in goods and services. The financial account (a/k/a the capital account) tracks movement of money.
If you have a free-floating currency, your balance of payments is always zero. This is the principal advantage of a free-floating currency: your exchange rate adjusts to finance trade deficits and invest surpluses [2]. America does not have a balance of payments problem because America doesn't fix the price of a dollar.
The best the U.S. could argue for § 122 jurisdiction is that a trade deficit constitutes a fundamental international payments problem. That is, of course, nonsense from an economics perspective. But I don't know how these terms have been used in U.S. trade law. (My strongest argument against the author's argument would be that the Congress passing statute that "no longer applied by the time the Trade Act was introduced" merits deeper scrutiny of Congressional intent.)
[1] https://en.wikipedia.org/wiki/Balance_of_payments
[2] https://fraser.stlouisfed.org/files/docs/meltzer/fribal67.pd...
Somebody should measure keyboard/mouse lag for various web site/browser/operating system combinations. That would be useful. There's probably a startup in doing that as a metric.
This would be easier to do now that LLMs can learn to navigate web sites. Less custom code.
Also useful - measure it for point of sale systems.
We can also argue C++ is not a scripting language, which is what this approach is all about.
When C and C++ were the main programming languages during the 1990's, and commercial compilers abounded, strangely we could manage handling all those build systems approaches.
Is there a good book on “the three pillars of modern Iranian philosophy” that could serve as an overview to someone unfamiliar?
It’s building pyramids all over again.
No, the whole point of these systems is that you can trust them even if their servers are compromised. If you exclude that possibility from your threat model, you might as well not bother encrypting at all; just send your passwords to the server in an HTTPS POST.
We've had a few dud booms in the last fifteen years. 3D TV. VR. Metaverse. Electric cars in the US. They all worked technically, but just didn't catch on.
I've been developing one of these in the past few days, and this is like saying "this is a great example of how silly the whole thing is, there's next to nothing to cars" because you saw a piece of plywood with four gaskets nailed to it.
If you want a personal assistant to work well, there's a whole lot to it.
And you don’t think short term profit chasing has a death count?
It's the attention mechanism at work, along with a fair bit of Internet one-up-manship. The LLM has ingested all of the text on the Internet, as well as Github code repositories, pull requests, StackOverflow posts, code reviews, mailing lists, etc. In a number of those content sources, there will be people saying "Actually, if you go into the details of..." or "If you look at the intricacies of the problem" or "If you understood the problem deeply" followed by a very deep, expert-level explication of exactly what you should've done differently. You want the model to use the code in the correction, not the one in the original StackOverflow question.
Same reason that "Pretend you are an MIT professor" or "You are a leading Python expert" or similar works in prompts. It tells the model to pay attention to the part of the corpus that has those terms, weighting them more highly than all the other programming samples that it's run across.
What conclusion? This is the Always Sunny corkboard.
It matters a lot. For instance, many compilers will put time stamps in their output streams. This can mess up the downstream if your goal is a bit-by-bit identical piece of output across multiple environments.
And that's just one really low hanging fruit type of example, there are many more for instance selecting a different optimization path when memory pressure is high and so on.
https://wccftech.com/apple-eyeing-a-partnership-with-chinese...
Apple has planned to explore cooperation with Chinese memory chip manufacturers Yangtze Storage (YMTC) and Changxin Storage (CXMT) to strive for more favorable supply contracts [from the big three]
You only see Mirais within spitting distance of the one place where they can tank. The network just isn't developed to the point that owning one of these makes any sense at all.
This is an interesting area for experiments. I suspect that in the longer term model optimization (knowing which bits you can leave out without affecting the functioning of the model) will become the dominant area of research just like it did with compression algorithms because effectively a model is a lossy compression scheme.
And that's good because that increases democratization of AI away from the silos that are being created.
Please don't be knee-jerk dismissive of posts. Absolutely nothing about this article looks "LLM-generated style" to me.
You don't give the agent the password, you send the password through a method that bypasses the agent.
I'm writing my own AI helper (like OpenClaw, but secure), and I've used these principles to lock things down. For example, when installing plugins, you can write the configuration yourself on a webpage that the AI agent can't access, so it never sees the secrets.
Of course, you can also just tell the LLM the secrets, and it will configure the plugin, but there's a way for security-conscious people to achieve the same thing. The agent can also not edit plugins, to avoid things like circumventing limits.
If anyone wants to try it out, I'd appreciate feedback:
"Yeah our team wrote it but everyone who built that part of it has moved to different teams or companies since."
> the place hydrogen might work is airplanes where the energy density of batteries doesn't work.
How is that going to work? Cryogenic liquid hydrogen? High pressure tanks? Those don't seem practical for an airplane.
What does work for airplanes is to use carbon atoms that hydrogen atoms can attach to. Then, it becomes a liquid that can easily be stored at room temperature in lightweight tanks. Very high energy density, and energy per weight!
(I think it's called kerosene.)
No, what an asinine construction.
What has changed the city's culture is money. As mentioned in the article, virtually every billboard and advertising surface downtown is for some SAAS or B2B company. Every startup that gets capitalized dumps a load of money into saturation advertising making itself look like the new hotness, and the corresponding rise in advertising prices means nothing is advertised but tech and ways to make money with tech. A lot of the adverts even look the same.
That's not the product of migrants. SF is turning into a ghost town because the entire downtown area increasingly feels like the inside of a conference center. There isn't anything fun to do or places to go besides work, nothing that might appeal to youth, nothing that isn't business focused. Can you imagine being a teenager in SF? You go to the middle of town and every advert is just an elevator pitch for HR services or devops or model training, and most of them aren't even visually interesting to look at. Entire subway stations are taken over with adverts touting how agentic or accelerant some new brand is. It's boring. A Japanese acquaintance of mine who visited SF recently asked 'don't people here think about anything but work?'
How you ended up blaming this humanity-free environment on 'too many migrants' is beyond me.
“What are you optimizing for, materially and emotionally?” Status? Validation? Material comfort?
Many can provide advice on what to chase and optimize for, only you can decide for you.
Have you checked out https://svix.com? No affiliation, I just like the product. Might also check out https://www.standardwebhooks.com/
>And at every layer except for maybe the PLC directory, there's nothing stopping anyone from fixing that “almost nobody does” problem.
If there's nothing stopping anyone from fixing a problem, and yet nobody fixes it, then there's something stopping them.
Might not be a technical impossibility, or a gun in their head. Could be as simple as inertia or addiction.
But saying "the problem is totally solvable" just because there's a solution available, is pretty naive. Solutions have costs themselves, and not all are created equal or equally feasible.
Most however are surely capable of understanding a simple metaphor, in which "magic" in the context of coding means "behavior occurring implicitly/as a black box".
Yes, it's not magic as in Merlin or Penn and Teller. But it is magic in the aforementioned sense, which is also what people complain about.
I don't know what that means, because a polygraph by design tells the polygrapher whatever they want it to.
I went through national-security polygraph exams twice, and they were no big deal. Filling out SF-86 (which used to start "List all residences from birth"), now that's a hassle.
In my aerospace company days, almost everything I did was unclassified, but I was put through the mill of getting higher level security clearances so I could be assigned to classified projects. Fortunately, I never was.
It's technically possible to use 2FA (e.g. TOTP) on the same device as the agent, if appropriate in your threat model.
In the scenario you describe, 2FA is enforcing a human-in-the-loop test at organizational boundaries. Removing that test will need an even stronger mechanism to determine when a human is needed within the execution loop, e.g. when making persistent changes or spending money, rather than copying non-restricted data from A to B.
It's very easy to create hydrogen from fossil natural gas. Which is the real motivation behind 99% of H2 projects; continue to emit CO2, just hidden from the end user.
Battery electric is now pretty much inevitable.
> If an LLM is a product, and it contains the work (in this case can spit out Harry Potter) it is derivative. Doesn't matter what it's used for.
That's not the definition of a derivative work in copyright law; further, whether what legally qualifies as a derivative work is within the scope of the exclusive rights of the copyright holder is, in the US, subject to whether it is within one of the exceptions to exclusive rights in the law, notably the fair use exception, which very much does depend on, among other things, what it is used for.
This is what always confused me about VC AI enthusiasm. Their moat is the capital. As AI improves, it destroys their moat. And yet, they are stoked to invest in it, the architects of their own demise.
They coasted on momentum for half a year. I don't even think it says anything negative about the current CTO, but more of what an exception JGC is relative to what is normal. A CTO leaving would never show up the next day in the stats, the position is strategic after all. But you'd expect to see the effect after a while, 6 months is longer than I would have expected, but short enough that cause and effect are undeniable.
Even so, it is a strong reminder not to rely on any one vendor for critical stuff, in case that wasn't clear enough yet.
That's nearly all of them (graduates)
>The blog ends there. No sign-off, no “thanks for reading.” Just a few sentences in a language that most of us lost the ability to follow somewhere around the thirteenth century.
Fucking AI slop, even this
I have had to interpret between an Ulsterman and a South African, who were both speaking English. I think those accents have vowel shifted in opposite directions.
I was also taught a bit of Chaucer (died 1400) in English at school. Although not any of the naughty bits.
Yeah, and if you give another human access to all your private information and accounts, they need lots of supervision, too; history is replete with examples demonstrating this.
>It doesn’t make any sense in 2026 that Gmail doesn’t have a dark mode
I've been using dark mode on gmail for years, not sure what OP is talking about here.
But also, my sleep quality got much better when I turned on f.lux. And it got better still when I added a second light to my bathroom that can do a 1800K super-warm light (that's also very dim).
And as an added pro-tip, I use f.lux during the day to cut my color temp to 5900K (instead of the default 6500K) and it made a huge difference for how long I could work without getting tired eyes.
If Apple wanted to win back some serious credibility in the AI field there are two very low hanging fruit that they could use:
- Announce that they are no longer going to deprecate sandbox-exec and instead publish detailed documentation for it
- Add a reliable "select all" option to the iOS copy/paste menu
SAML is bad semantically too, not just because of XML. SAML is arguably the worst cryptographic standard ever created.
I first encountered djb's work back in the 90's with qmail and djbdns, where he took a very different and compartmentalized approach to the more common monolithic tooling for running email and DNS. I'd even opine that the structure of these programs are direct ancestors to modern microservice architectures, except using unix stdio and other unix isolation mechanisms.
He's definitely opinionated, and I can understand people being annoyed with someone who is vociferous in their disagreement and questioning the motives of others, but given the occasional bad faith and subversion we see by large organizations in the cryptography space, it's nice to have someone hypervigilant in that area.
I generally think that if djb thinks something is OK in terms of cryptography, it's passed a very high analytical bar.
I started backing in because it was recommended in a defensive driving class I took in 2010 or so.
The wild thing is Republicans would probably keep the House if Miller et al let the illegal tariffs expire. The tax cut would probably even give the Fed room to cut rates. Not sure who in the White House is most directly pushing for these. But they're clearly hurting both America and Trump.
This reads very LLM-y, misses huge chunks of the story (multiple paragraphs on "clamping" and static ECDH, a single line on Ristretto and nothing on signature schemes, which is where that matters), has a breathless tone about Chapoly and Nacl that is totally unwarranted, misses almost all the NIST PQC drama, most of which was not in fact about hybrid cryptography, and in the end doesn't offer any analysis, just this bad re-telling.
My guess is someone had this generated as part of some dumb pressure campaign. It's weird.
(It's funny that people are chiming in to call this a "hit piece"; if anything, it's twisting itself into pretzels to be charitable to Bernstein's IETF involvement. I assume whoever generated it supports him.)
> If there is no real penalty for being a career criminal, people will continue to be career criminals.
I know this is a wild idea, but what if they had better options than career criminal for a living?
Americans are so invested in the penalties they can’t imagine the incentives approach.
Also write about rare New Zealand parrots and their excellent breeding season. Those posts don't tend to make HN though! https://simonwillison.net/tags/kakapo/
Because usually that is OS specific and not portable to be part of standard library that is supposed to work everywhere.
Portugal, Germany, Canada, Switzerland are the ones I am aware of.
Software Engineering degrees are certified by the Engineering Order, universities cannot call themselves that just because they feel like it, and any kind of legal binding documents when notarised required the professional validity.
It is... but then many people hook it up to their personal iCloud account and give it access to their email, at which point the container isn't really helping!
> It's all just a sprawling behemoth of a framework, because it tries to do everything.
I also interact with OAuth quite a bit at work. I also have dealt with SAML.
I'd pick OAuth over SAML any day of the week, and not just because OAuth (v2 at least) is 7 years younger.
It's also because OAuth, for all its sprawl, lets you pick and choose different pieces to focus on, and has evolved over time. The overall framework tries to meet everyone's needs, but accomplishes this via different specs/RFCs.
SAML, on the other hand, is an 800 page behemoth spec frozen in time. It tried to be everything to everyone using the tools available at the time (XML, for one). Even though the spec isn't evolving (and the WG is shut down) it's never going to go away--it's too embedded as a solution for so many existing systems.
I also don't know what could replace OAuth. I looked at GNAP but haven't seen anything else comparable to OAuth.
Yeah but what you just said is "I don't want to run Android", which, sure, you can do.
I was worried about the security risk of running it on my infrastructure, so I made my own:
https://github.com/skorokithakis/stavrobot
At least I can run this whenever, and it's all entirely sandboxed, with an architecture that still means I get the features. I even have some security tradeoffs like "you can ask the bot to configure plugin secrets for convenience, or you can do it yourself so it can never see them".
You're not going to be able to prevent the bot from exfiltrating stuff, but at least you can make sure it can't mess with its permissions and give itself more privileges.
> And the cohort most likely to vote well when they do
Eh, this is far from a given. Mao's Red Guards were passionate idiots. And America's young men are in thrall of Clavicular.
The most powerful empires in history have had large republics at their cores for good reason. The wisdom of a crowd greatly increases with its diversity.
> I don’t have a better one at hand
Perfect is the enemy of good. Claw is good enough. And perhaps there is utility to neologisms being silly. It conveys that the namespace is vacant.
> strongly doubt that this company runs their own weather stations or meteorological models. Their only recurring cost is API access to the companies that provide weather data
No. But I'd suspect a tabula rasa approach to weather–particularly given it hasn't been rolled out globally in one go–incorporates satellite data, local measurements, et cetera.
Again, that may not take constant subscription. But it does take constant expert monitoring and awareness.
> Considering that there are many free weather APIs
If you're a glorified viewport into these APIs' data, you may be able to stick with their most-static data and fire and forget. In reality, what those outputs mean changes as the models and techniques evolve. There are new APIs with new data constantly coming out, and they're often adding connectors.
> a weather app shouldn't have large maintenance costs that couldn't be covered by a one-time payment
The only way I see this working is if the user is explicitly aware the app can break at any time if one of the APIs change anything, which they often do, and that this may not cause any obvious failures, just a decay in the app's accuracy or usefulness.
I used to have a LinkedIn account, a long time ago. To register I created an email address that was unique to LinkedIn, and pretty much unguessable ... certainly not amenable to a dictionary attack.
I ended up deciding that I was getting no value from the account, and I heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data. But absolutely I will not trust them with anything I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold it.
> is supposed to ship at the end of this year and there doesn’t even appear to be a real photo
Given they're "still finalizing the design and materials" and are not based in China, I think it's a safe bet that the first run will either be delayed or be an alpha.
gForth [0] is great for getting started
if you are working with specific hardware (e.g. microcontrollers) it depends on which forth dialects are available but for the raspberry pico and pico 2 I recently found zeptoforth [1]
or you know you can always bootstrap your own :)
[0] https://gforth.org
[1] https://github.com/tabemann/zeptoforth
It's 5am in New York, not even the most dedicated anti EU Americans are up yet.
Or learn an array language and never worry about indexing or naming ;-)
Everything else looks disgustingly verbose once you get used to them.
You could "bootstrap" all the information required to produce the hardware to read this, by starting with human-readable instructions for the next step.
For me, OAuth was straightforward to understand once I realised that it's basically like a PKI with very short-lived certificates.
> after gathering a few TB worth of micro expressions it starts to complete sentences
Apple bought those for $2B.. coming to Siri.
Richard Stallman's "Right to Read" from 1999 is worth another read.
I don't recall many, if any, Github repos containing this emoji-vomit before the rise of AI, and likewise natural human conversations in forums and such were also not like this, so I find it very odd and distinctly unnatural. Where did this "vibe coded" style actually originate from?
If the best you can do with your life is have kids, that’s a choice. Struggle is optional, misery loves company. Plenty of folks have meaningful lives and happiness without kids.
You can put a garbage bag over them if you don’t want to sawzall the pole and dispose of the hardware.
https://www.defianceetfs.com/xmag/ is S&P500 minus the Mag 7.
Why would I fly an expensive drone close to a camera, fumble about for a minute trying to get it painted like a renaissance artist, when I can get a paintball gun for much less?
>It can mean moving within a class.
It can, but it's not how it's used most of the time, so kind of a pedantic distinction.
And many do not even want to "move within a class" that much. They'd be satisfied to keep their job and retain the same constant purchasing power and ability to buy food, feed family, pay rent/mortgage, year after year.
>It takes more, not less, time to thoroughly review code you didn't write.
Nope, it takes way less. Else PR reviews would take as long as coding, which they obviously don't.
Writing 1000 lines, figuring out the nuances of the domain, fixing bugs, testing, takes way more time than reading and reviewing the resulting code.
Besides, you can even ask another agent to review it. Different brand of agent even.
> Every company building your AI assistant is now an ad company
Apple? [1]
>The whole goal is to provide links to external sources
For many the whole goal is the comments on those links.
>Prediction markets have been called "truth machines" because anyone who has information missing from the market can profit.
That sounds like "insider trading" machines, or "scam" machines, rather than truth machines.
Parent implies there might be some "boosting" involved, in which case, "upvote the conversations that you find to be more interesting" won't change anything...
Not saying this is the case, but it's what the comment implies, so "just upvote your faves" doesn't really address it.
You blame Democrats, I blame the people who voted for this and are shocked he did what he said he was going to do.
Mass deportation? Tariffs? Dismantling the government? Hate? All things he campaigned on. He is doing exactly what his voters were told he was going to do. Dems are going to win those votes? Unlikely, they’re not going to run a candidate that appeals to their values, which aren’t going to change.
> “He’s not hurting the people he needs to be”: a Trump voter says the quiet part out loud A Trump voter hurt by the shutdown reveals the real reason the president attracts hardcore supporters.
> The president’s particular brand of identity politics — the racist attacks on blacks and Latinos, the Muslim ban, his cruel treatment of women — similarly depends on negative rather than positive appeals. Antoine Banks, a political psychologist at the University of Maryland, wrote a book on the connection between anger as an emotion and racial politics. When politicians gin up anger, an emotion that necessarily has a negative target, voters tend to think about the world in more racial (and racist) terms. Trump makes his voters angry, he centers that anger on hated targets, and that makes them want to take his side.
> This is what makes Trumpism work. This is the dark heart of our political moment. Even people who are tremendously vulnerable themselves, like Crystal Minton, support Trump because of his capacity to inflict pain on others they detest. The cruelty, as the Atlantic’s Adam Serwer says, is the point.
https://www.vox.com/policy-and-politics/2019/1/8/18173678/tr...
https://www.nytimes.com/2019/01/07/us/florida-government-shu...
That would explain why I tried to get vulnerability notifications and instead all my code was streamed to Twitch.
> Melatonin pills seem to have extremely bad quality control:
Melatonin is treated as a dietary supplement in the US rather than a drug, and this seems to be a widespread problem with supplements, given the incredibly lax regulatory regime.
Claude is an excellent proofreader, but don't let a single word it generates hit your final copy. Use it to catch things and point things out, and for nothing more.
Same! And then I saw three near my house and thought "if they know where they are, why haven't they been removed???"
Then I clicked on one and saw it was the name of our local rock quarry. :)
> Yes but in practice they delegate this power to the executive.
No, they do not delegate the power to lay (set) taxes to the executive, they do assign the executive the function of collecting the taxes laid by Congress.
> Congress doesn’t run the IRS themselves after all
The IRS doesn't freely set taxes, it collects the taxes set by Congress.
which is not opposed to you being on Bluesky or Instagram or LinkedIn or wherever.
> You have not shown how a large scale collection of neural networks irrespective of their architecture is more deterministic
It's software. Without an external randomness source, it's 100% deterministic excluding impacts of hardware glitches. This...isn’t debatable. You can make it seem non-deterministic by concealing inputs (e.g., when batching multiple requests, any given request is “nondeterministic” when viewed in isolation in many frameworks because batches use shared state and aren’t isolated), but even then it is still deterministic; you are just choosing to look at an incomplete set of the inputs that determine the output.
“To simplify greatly, the strategy of non-violence aims first to cause disruption (non-violently) in order both to draw attention but also in order to bait state overreaction. The state’s overreaction then becomes the ‘spectacular attack’ which broadcasts the movement’s message, while the group’s willingness to endure that overreaction without violence not only avoids alienating supporters, it heightens the contrast between the unjust state and the just movement. That reaction maintains support for the movement, but at the same time disruption does not stop: the movements growing popularity enable new recruits to replace those arrested (just as with insurgent recruitment) rendering the state incapable of restoring order. The state’s supporters may grow to sympathize with the movement, but at the very least they grow impatient with the disruption, which as you will recall refuses to stop. As support for state repression of the movement declines (because repression is not stopping the disruption) and the movement itself proves impossible to extinguish (because repression is recruiting for it), the only viable solution becomes giving the movement its demands.”
https://acoup.blog/2026/02/13/collections-against-the-state-...