Looks great, and I love the `zsh` support! Took a note to whip up a Sublime plugin for this when I get a chance. Congrats on shipping something, seriously.
Out of curiosity: how in the name of the good lord above did you end up with 1,163 commits on this repo in the span of 3 weeks, all by yourself? I was assuming Claude commits given the `./.claude/skills` dir, but doesn't Claude usually sign its own commits as a collaborator?
I'm really not worried about `uv` and `cpython` -- their processes are robust, their response times fast, and (now) their funding significant
I'm worried about, say, `mdformat` (a widely used formatter mostly maintained by one person in their spare time), not to mention some super-specific dependency that hasn't been updated in years and is 3 levels deep in your dep tree. I really don't want to pin & manually approve every single update for an app that's under active development, but it's beginning to look like that's mandatory for any serious app.
In the meantime, I've gotta go get my API keys out of my unencrypted `.env` files! Getting burned on a large, consumer-facing webapp would be embarrassing but logical, but losing hundreds to thousands of dollars because of some indirect dependency of some silly one-off demo repo that just happens to be on the same host & system as my `.env`s... oof.
Anyone know if OAI or Anthropic will refund you if you get your keys stolen like this? Or is it user error?
With HN etiquette in mind, I must make an exception: this is a case where skimming the first parts of the article would help a lot!
The public repo path is just one of four parallel paths, with the goal of getting around any barriers:
The exfiltration component shares its design with the "Mini Shai-Hulud" mechanism from their last campaign, using four parallel channels so stolen data gets out even if individual paths are blocked.
The whole point of a patent is encouraging progress through disclosure of knowledge.
Is it, though? It seems like the purpose of a patent is pretty direct: make money for people(/corporations...) who invent things.
I guess you could argue that inventors would hide their designs without patents, but that's not how any industry I'm familiar with works; if they thought that obscurity was an option, they'd stick with it and just label it a trade secret!
Yes, that is the purpose. It incentivizes R&D by providing a sanctioned monopoly on the result. The trade in return is that the public domain gets access to the trade secret after enough time has passed to provide the inventor with reward for their investment risk.
The problem is the time has been repeatedly extended across the world to the point that society gets very little from this arrangement.
At this point we're better off removing the concept of IP entirely.
The original idea was "we protect the invention so the companies have guarantee that their investment in the innovation pays off".
The assumption was the invention was something rare and hard, not something you could re-create from scratch in a week or evening (in case of software invention) or that patent is only filed to cast a wide net to block the competition
> It offers a bargain between society and inventor: for a limited period of exclusivity, the inventor agrees to make the invention public rather than to keep it secret.
In today's world patents are mostly dysfunctional, or straight malignant. They tend to slow, discourage progress and selectively aid large corporations who can afford the legal warfare. They have become also less informative, more vague, so really the bargain with the collective is off now.
Modern patent law came from 15th century Venice, where in the 13th century the glassmaker’s guild took trade secrecy so seriously that they decided that any glassworker who left the city without permission was to be hunted down and killed if imprisoning their family didn’t convince them to return.
Obscurity is otherwise known as "trade secret". It's used when the company really doesn't want to give anyone even a hint of what and how it's doing things, maybe going as far as assuming nobody can figure out the process independently either, so filing for a patent is out of the question. The Coca Cola formulation is a famous example.
I'm an anti-advertising zealot (#BanAdvertising!) but I share `brookst`'s view on this not being much of a concern. Brand advertising does exist (as opposed to 'performance' or 'direct' ads), but there's a few reasons why trying to sell ads baked into SotA language models would be a hard sell:
1. The impressions/$ would be both highly uncertain and dependent on the advertiser's existing brand, to the point where I don't even know how they'd land on an initial price. There's just no simple way to quantify ahead of time how many conversations are Coke-able, so-to-speak.
2. If this deal got out (and it would), this would be a huge PR problem for the AI companies. Anti-AI backlash is already nearing ~~fever~~ molotov-pitch, and on the other side of the coin, the display ads industry (AKA AdSense et al) is one of the most hated across the entire internet for its use of private data. Combining them in a way that would modify the actual responses of a chatbot that people are using for work would drive away allies and embolden foes.
3. Brand advertising isn't really the one advertisers are worried about -- it works great with the existing ad marketplaces, from billboards to TV to newspapers to Wienermobiles and beyond. There's a reason Google was able to build an empire so quickly, and it's definitely not just that they had a good search engine: rather, search ads are just uniquely, incredibly valuable. Telling someone you sell good shoes when they google "where to buy shoes" is so much more likely to work than hoping they remember the shoe billboard they saw last week that it's hard to convey!
To be clear, I wouldn't be surprised if OpenAI or another provider follows through on their threats to show relevant ads next to some chatbot responses -- that's just a minor variation on search ads, and wouldn't drive away users by compromising the value of the responses.
> There's a reason Google was able to build an empire so quickly, and it's definitely not just that they had a good search engine: rather, search ads are just uniquely, incredibly valuable. Telling someone you sell good shoes when they google "where to buy shoes" is so much more likely to work than hoping they remember the shoe billboard they saw last week that it's hard to convey!
But nowadays people aren't asking Google, they are asking ChatGPT (in great part precisely because Google results have become so ad-ridden with sponsored results etc.).
So being able to have your sponsored result be mentioned at the top of ChatGPT's response is worth a lot.
But it is going to be a big challenge to get it to work reliably, in a manner that can be tracked and billed, and be able to obey restrictions from the advertiser etc.
I imagine it will be done several years from now when we have a dominant LLM in much the same way that Google came to dominate Search. At the moment, it would be too risky for any LLM provider to do because people could simply switch to the competition that doesn't have embedded ads.
Yes, but to nitpick slightly: the focus of this protocol is to let people use their own data with social media sites. It might not matter much while the site is active, but separating data ownership from the site makes moving platforms in the future much, much more feasible. Data like posts, friends lists, block lists, likes, comments, etc.
Obviously, this was informed by people's experiences with Twitter, especially the early power users who built strong communities and then felt trapped.
though technically your data lives within Bluesky's servers (kind of like your money lives in a bank) so in some ways it's still the bank's money though it's allotted to you
Can you speak to your feelings on Zed's customizability/extensibility? Zed is shiny and impressive, but Sublime's rich ecosystem of python plugins is hard to beat...
EDIT: Tho if sublime wasn't already "doing everything [you] need", maybe you aren't familiar with the plugin ecosystem!
I used Sublime Text since ST2, and bought into ST3. It just felt stale compared to Visual Studio or any JetBrains IDE. I loved the speed, but at least back when I was using it, LSP wasn't as big and so I didn't have that at my fingertips.
With Zed all the high quality features are OOTB. For example, with Python they run some high quality linters out of the box, I don't even have to think about setting anything up, I don't even think I have installed a single plugin for Zed outside of themes. It's a very batteries included text editor.
Not the OP, but for me ST can't be beat in terms of how easy it is to write a plugin. It uses Python (Zed is Rust). Plugins generally auto-reload. If extensibility is important to you, ST is still the way to go.
Yup, it is genuinely convenient that Waymo doesn't rely on an unpopular payroll tax for funding while the bus system does
To be fair, it gets far more subsidies from the government in general by simple virtue of being a car, they're just A) longterm and thus assumed and B) less visible in general. So I'd say the connection between transit and controversial taxes is arbitrary, really--I'll grant you "convenient", but definitely not genuinely-so!
Portland car infrastructure in particular does get a little love from me just because of how damn impressive some of it is (namely the mountain passage to the west and the complex bridge interchanges on the east side) but it's still car infrastructure.
Road maintenance isn't a subsidy, it's a collective good that buses also benefit from along with many other types of human transport. This is separate from the cost to the government of running a bus system, which is exactly what large numbers of people really don't want to pay an additional tax for and are therefore voting against.
However, busses do tremendously greater wear and damage to roads than cars, and if everyone used busses exclusively the cost of road maintenance and repair would likely go up.
I'd also argue we'd need the same amount of roads, but those roads (mostly highways) could be smaller/fewer lanes.
If the road is privatised by the virtue of it being mostly used by private companies like Waymo (in the future) then they can foot the bill for road construction and maintenance.
State and local governments spend a truly obscene amount of money building and repairing roads, and set aside a nauseating amount of publicly owned land to serve as roads, street parking, and parking lots. Those of us who don't frequently drive get some benefit from the roads, sure, because of the efficiencies of shops needing deliveries and whatnot, but not anything close to proportional to what drivers get out of it. And we accept this as the default way that things should be, whereas we assume that public transit needs to "pay for itself".
Road wear and tear increases as the fourth power of axle load. Are you counting the spending on bus stops, bus parking, dedicated bus lanes, and more on the other side of the ledger?
In FY25, according to their budget [1], TriMet - the Portland public transit authority - spent $19M on bus services.
In that same budget, PDOT spent $56M on streets, signs and streetlights, before you even consider the $242M spent on "asset management" - which appears to generally be capital improvements; i.e., rebuilding roads [2, page 509].
I don't care what fraction of that wear and tear is due to buses, it's not remotely close. And in any case, by the same fourth-power law, private 18-wheelers do astronomically more damage than buses.
And yes, PDOT makes revenue back from some of those things, so it's not all straight from the city general fund, but it doesn't matter in any practical way. They don't have revenues broken down as far as I'd like on that budget - there's one big $89M line item for "charges for services", which appears to include parking meters as well as tram fare - but the vast majority of their budget still comes from taxes plus "intergovernmental" sources (aka state and federal money, aka taxes).
> Those of us who don't frequently drive get some benefit from the roads, sure
Where "some benefit" includes transportation and delivery of every single product necessary for daily life as well as garbage removal of the same products.
Yes. Roads are subsidized; the true cost of building and maintaining roads comes from general funds, not just from vehicle registrations and gas taxes (which of course Waymo doesn’t pay, being righteously electric).
So you pay Waymo, they pay a few hundred dollars a year per car in registration, and you benefit from billions of dollars a year in highway funds from both state and federal sources.
Good point about electric. Maybe a tax on tires would be more fair, but that would lead to some dangerous behavior.
Waymo and I pay a lot in state and federal taxes. Shouldn't that work out that we're paying for a shared resource we use even if the proportional accounting is not exact?
But in any event, cars and roads are massively subsidized, such that drivers get far more than they pay for. See for instance: https://www.cbo.gov/publication/59667
Roads are paid for out of the general fund, meaning that even those (few) who don’t use them pay for them, which I’d call a subsidy (as opposed to self-supporting). That’s not necessarily a bad thing; the same is true for many programs that support low-income people, and I think that’s great. But it’s still fair to call it a subsidy.
What you built was a community, not a website owned by Microsoft — it could port just fine to GitLab.
“I won’t leave, I’ll fight to make this place better!” is a laudable trope ofc, but in this case you’re not making any place better, you’re just defending shareholder value. IMHO :)