
All: if you can't respond in a non-violent way, please don't post until you can.

By non-violent I mean not celebrating violence nor excusing it, but also more than that: I mean metabolizing the violence you feel in yourself, until you no longer have a need to express it aggressively.

The feelings we all have about violence are strong and fully human and I'm not judging them. I believe it's our responsibility to each carry our own share of these feelings, rather than firing them at others, including in the petty forms that aggression takes on an internet forum.

If you don't share that belief, that's fine, but we do need you to follow the site guidelines when commenting here, and they certainly cover the above request. So if you're going to comment, please make sure you're familiar with and following them: https://news.ycombinator.com/newsguidelines.html.


Hi, yep I got pwned. Sorry everyone, very embarrassing.

More info:

- https://github.com/chalk/chalk/issues/656

- https://github.com/debug-js/debug/issues/1005#issuecomment-3...

Affected packages (at least the ones I know of):

- ansi-styles@6.2.2

- debug@4.4.2 (appears to have been yanked as of 8 Sep 18:09 CEST)

- chalk@5.6.1

- supports-color@10.2.1

- strip-ansi@7.1.1

- ansi-regex@6.2.1

- wrap-ansi@9.0.1

- color-convert@3.1.1

- color-name@2.0.1

- is-arrayish@0.3.3

- slice-ansi@7.1.1

- color@5.0.1

- color-string@2.1.1

- simple-swizzle@0.2.3

- supports-hyperlinks@4.1.1

- has-ansi@6.0.1

- chalk-template@1.1.1

- backslash@0.2.1

It looks and feels a bit like a targeted attack.

Will try to keep this comment updated as long as I can before the edit expires.

---

Chalk has been published over. The others remain compromised (8 Sep 17:50 CEST).

NPM has yet to get back to me. My NPM account is entirely unreachable; forgot password system does not work. I have no recourse right now but to wait.

Email came from support at npmjs dot help.

Looked legitimate at first glance. Not making excuses, just had a long week and a panicky morning and was just trying to knock something off my list of to-dos. Made the mistake of clicking the link instead of going directly to the site like I normally would (since I was mobile).

Just NPM is affected. Updates to be posted to the `/debug-js` link above.

Again, I'm so sorry.
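For anyone auditing a project against the list above, here is an added example (my code, not the maintainer's): it walks a package-lock.json and reports every installed copy whose exact version is on the list, covering both the lockfileVersion 2/3 `packages` map and the older v1 `dependencies` tree. The lockfile excerpt is constructed for the demonstration.

```python
import json

# Compromised versions as listed in the comment above (the set known at the time).
COMPROMISED = {
    "ansi-styles": "6.2.2", "debug": "4.4.2", "chalk": "5.6.1",
    "supports-color": "10.2.1", "strip-ansi": "7.1.1", "ansi-regex": "6.2.1",
    "wrap-ansi": "9.0.1", "color-convert": "3.1.1", "color-name": "2.0.1",
    "is-arrayish": "0.3.3", "slice-ansi": "7.1.1", "color": "5.0.1",
    "color-string": "2.1.1", "simple-swizzle": "0.2.3", "supports-hyperlinks": "4.1.1",
    "has-ansi": "6.0.1", "chalk-template": "1.1.1", "backslash": "0.2.1",
}

# Constructed package-lock.json excerpt (lockfileVersion 3 layout). The nested
# chalk under some-cli is the shape npm uses when versions cannot be de-duplicated,
# which is exactly where a quick top-level glance misses a bad version.
SAMPLE_LOCK = json.dumps({
    "name": "example-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"chalk": "^5.6.0"}},
        "node_modules/chalk": {"version": "5.6.0"},
        "node_modules/debug": {"version": "4.4.2"},
        "node_modules/some-cli/node_modules/chalk": {"version": "5.6.1"},
        "node_modules/@scope/pkg": {"version": "1.0.0"},
    },
})


def package_name_from_path(path: str) -> str:
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (the scope is part of the name)."""
    return path.rsplit("node_modules/", 1)[-1]


def find_compromised(lock_text: str) -> list:
    """Return sorted (name, version, install path) tuples for every installed
    copy whose exact version is in COMPROMISED."""
    lock = json.loads(lock_text)
    hits = []

    # lockfileVersion 2/3: flat map keyed by install path.
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself
            continue
        name = meta.get("name") or package_name_from_path(path)
        if COMPROMISED.get(name) == meta.get("version"):
            hits.append((name, meta["version"], path))

    # lockfileVersion 1: nested tree under "dependencies". v2 files carry both
    # layouts, so only walk this one when no "packages" map exists.
    def walk_v1(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if COMPROMISED.get(name) == meta.get("version"):
                hits.append((name, meta["version"], path))
            walk_v1(meta.get("dependencies", {}), path + "/")

    if "packages" not in lock:
        walk_v1(lock.get("dependencies", {}), "")
    return sorted(hits)


if __name__ == "__main__":
    for name, version, path in find_compromised(SAMPLE_LOCK):
        print(f"{name}@{version} installed at {path}")
```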


I think the conversation needs to change from "can't run software of our choice" to "can't participate in society without an apple or google account". I have been living with a de-googled android phone for a number of years, and it is getting harder and harder, while at the same time operating without certain "apps" is becoming more difficult.

For example, my bank (abn amro) still allows online banking on desktop via a physical auth device, but they are actively pushing for login only via their app. I called their support line for a lost card, and had to go through to second level support because I didn't have the app. If they get their way, eventually an apple or google account will be mandatory to have a bank account with them.

My kid goes to a school that outsourced all communication via an app. They have a web version, but it's barely usable. The app doesn't run without certain google libs installed. Again, to participate in school communication about my kid effectively requires an apple or google account.

I feel like the conversation we should be having is that we are sleepwalking into a world where to participate in society you must have an account with either apple or google. If you decide you don't want a relationship with either of those companies you will be extremely disadvantaged.


> In this context this would mean having the ability and documentation to build or install alternative operating systems on this hardware

It doesn't work. Everything from banks to Netflix and others are slowly edging out anything where they can't fully verify the chain of control to an entity they can have a legal or contractual relationship with. To be clear, this is fundamental, not incidental. You can't run your own operating system because it's not in Netflix's financial interest for you to do so. Or your banks, or your government. They all benefit from you not having control, so you can't.

This is why it's so important to defend the real principles here not just the technical artefacts of them. Netflix shouldn't be able to insist on a particular type of DRM for me to receive their service. Governments shouldn't be able to prevent me from end to end encrypting things. I should be able to opt into all this if I want more security, but it can't be mandatory. However all of these things are not technical, they are principles and rights that we have to argue for.


As the article mentions, privatised water companies have built no new reservoir capacity and relied on drawing from rivers and other sources.

What the article doesn’t mention is that pre-privatisation a new reservoir was built every year up to about 1960 and then every few years until privatisation in 1992.

So we are about 30 years behind in adding capacity to the system. This combined with the inadequate levels of investment in the system leading to enormous wastage, is the answer.

Water should never have been privatised. At least not without a framework for a national strategy for water. I suspect that wasn’t done because it would have made water companies an unattractive source of profit.


It was absolutely not just a social media ban, it was mostly youth protesting against the corrupt government and unfairness. The social media ban was one element that was against the freedom of speech, but it was right around the time where everyone was documenting the rich politicians, their business connections and their families that have been living lavishly and just inheriting the election seats from generation to generation and spinning bureaucracy to their sides.

I was there a few hours ago. It was a class struggle, but it was bound to be spun up as "kids don't get facebook and throw tantrum".


The Patriot Act itself was supposed to be temporary and “narrow.” Two decades later it’s the foundation for a financial dragnet that assumes privacy is the problem rather than a basic right.

Just like encryption, once privacy becomes associated with criminality, you end up weakening security for law-abiding users and concentrating power in a few regulated intermediaries. That’s not healthy for innovation, or democracy.


By the way, a pet peeve of mine right now is that reporters covering court cases (and we have so many of public interest lately) never seem to simply paste the link to the online PDF decision/ruling for us all to read, right in the story. (and another user here kindly did that for us below: https://storage.courtlistener.com/recap/gov.uscourts.dcd.223... )

It seems such a simple step (they must have been using the ruling PDF to write the story) yet why is it always such a hassle for them to feel that they should link the original content? I would rather be able to see the probably dozens of pages ruling with the full details rather than hear it secondhand from a reporter at this point. It feels like they want to be the gatekeepers of information, and poor ones at that.

I think it should be adopted as standard journalistic practice in fact -- reporting on court rulings must come with the PDF.

Aside from that, it will be interesting to see on what grounds the judge decided that this particular data sharing remedy was the solution. Can anyone now simply claim they're a competitor and get access to Google's tons of data?

I am not too familiar with antitrust precedent, but to what extent does the judge rule on how specific the data sharing need to be (what types of data, for what time span, how anonymized, etc. etc.) or appoint a special master? Why is that up to the judge versus the FTC or whoever to propose?


It sounds great, but every time I see this argument, I end up going down the rabbit hole of actually studying how stablecoins operate. And every time, I come to the same conclusion: they always rely on trust in an off-chain oracle or custodian. At that point, a shared ledger implemented with traditional databases / protocols would be faster, easier, and more transparent.

Bitcoin (and possibly a few others) is one of the few uses of blockchain that actually makes sense. The blockchain serves the currency, and the currency serves the blockchain. The blockchain exists to provide consensus without needing to trust any off-chain entity, but the blockchain relies on computing infrastructure that has real-world costs. The scarcity of Bitcoin (the currency) and arguably-fictitious reward for participation in mining is the incentive for people in the real world to contribute resources required for the blockchain to function.

Any real-world value given to Bitcoin is secondary and only a result of the fact that (1) mining infrastructure has a cost, and (2) people who understand the system have realized that, unlike fiat, stablecoins, or 1000 other crypto products, Bitcoin has no reliance on trusted, off-chain entities who could manipulate it.

You trust your stablecoin's issuer that they hold enough fiat in reserve to match the coin? You might as well trust your bank, but while you're at it, remind them that they don't have to take days to process a transaction - they could process transactions as fast as (actually faster than) a blockchain. But I imagine most banks would point to regulation as a reason for the delays, and they might be right.

So what are stablecoins really trying to do? Circumvent regulation? Implement something the banks just aren't willing to do themselves?


There are lots of crypto skeptics on HN (and we ourselves were disappointed with crypto's payments utility for much of the past decade), so it might be interesting to share what changed our mind over the past couple of years: we started to notice a lot of real-world businesses finding utility in stablecoins. For example, Bridge (a stablecoin orchestration platform that Stripe acquired) is used by SpaceX for managing money in long-tail markets. Another big customer, DolarApp, is providing banking services to customers in Latin America. We're currently adding stablecoin functionality to the Stripe dashboard, and the first user is an Argentinian bike importer that finds transacting with their suppliers to be challenging.

Importantly, none of these businesses are using crypto because it's crypto or for any speculative benefit. They're performing real-world financial activity, and they've found that crypto (via stablecoins) is easier/faster/better than the status quo ante.


When founders put 996 in their job descriptions or Tweet about their 996 culture it’s a helpful signal to avoid that company.

The only time I’d actually consider crazy schedules was if I was the founder with a huge equity stake and a once in a lifetime opportunity that would benefit from a short period of 996.

For average employees? Absolutely not. If someone wants extraordinary hours they need to be providing extraordinary compensation. Pay me a couple million per year and I’ll do it for a while (though not appropriate for everyone). Pay me the same as the other job opportunities? Absolutely no way I’m going to 996.

In my experience, the 996 teams aren’t actually cranking out more work. They’re just working odd hours, doing a little work on the weekends to say they worked the weekend, and they spend a lot of time relaxing at the office because they’re always there.


I am extremely insulated from ads online and have been for about a decade. Once in a while I have to browse on a device that does not have an ad blocker or most of the time does not even let you install one. Seeing a website that is SEO-optimised and heavily ad supported feels like walking into a crack den. That this is the normal experience for the vast majority of users is sad.

These claims wouldn't matter if the topic weren't so deadly serious. Tech leaders everywhere are buying into the FOMO, convinced their competitors are getting massive gains they're missing out on. This drives them to rebrand as AI-First companies, justify layoffs with newfound productivity narratives, and lowball developer salaries under the assumption that AI has fundamentally changed the value equation.

This is my biggest problem right now. The types of problems I'm trying to solve at work require careful planning and execution, and AI has not been helpful for it in the slightest. My manager told me that the time to deliver my latest project was cut to 20% of the original estimate because we are "an AI-first company". The mass hysteria among SVPs and PMs is absolutely insane right now, I've never seen anything like it.


To be very clear on this point - this is not related to model training.

It’s important in the fair use assessment to understand that the training itself is fair use, but the pirating of the books is the issue at hand here, and is what Anthropic “whoopsied” into in acquiring the training data.

Buying used copies of books, scanning them, and training on it is fine.

Rainbows End was prescient in many ways.


The issue is that American media/discourse paints a very distorted view of what life under authoritarian rule is like. The truth is in many countries, unless you’re some kind of minority, politically active, or in legal trouble, day-to-day life is mostly similar to life in the west. But people don’t want to hear that, because we want to feel better than them. Like we wouldn’t tolerate that kind of life.

Of course the most frustrating part about that is as the US and other western countries start sliding into authoritarianism, people deny it because they don’t feel like it’s authoritarian.

Edit: To clarify, I don’t think life is exactly the same - just that the consequences of authoritarianism are much more insidious than they’re portrayed.


History books can tell you facts that happened, but they can never truly tell you how it feels.

I feel we're riding a knife's edge and there's a hurricane brewing in the gulf of absurdity.

====

Incidentally, I feel like this is why it is so hard to actually learn from history. You can read about the 1918 'Spanish' Flu, but you think "we're smarter now". etc.


Most of the comments are focused on the supply of education. But I don't think the supply side is the problem, irrespective of teachers and high schools. There is more and cheaper education available than ever before. Nearly every highschooler has more access to learning than kings and emperors would have fought wars for less than 200 years ago. However, the United States, particularly in the last 50 years, seems to have fostered a culture averse to education. I believe the years long decline in test scores is a symptom of that cultural shift.

It has A19 Pro. A19 Pro has matmul acceleration in its GPU, the equivalent of Nvidia's Tensor cores. This would make future Macs extremely viable for local LLMs. Currently, Macs have high memory bandwidth and high VRAM capacity but low prompt processing speeds. Give it a large context and it'll take forever before the first token is generated.

If the M5 generation gets this GPU upgrade, which I don't see why not, then the era of viable local LLM inferencing is upon us.

That's the most exciting thing from this Apple event in my opinion.

PS. I also like the idea of the ultra thin iPhone Air, the 2x better noise cancellation and live translation of Airpods 3, high blood pressure detection of the new Watch, and the bold sexy orange color of the iPhone 17 Pro. Overall, this is as good as it gets for incremental updates in Apple's ecosystem in a while.


I’m both sad and incredibly happy to read this. I lost my wife recently to a recurring metastatic melanoma. She was treated at MSK by an amazing team.

It was a terrifying diagnosis and literally would have been a guaranteed death sentence in 2017. In 2023, she had a very real chance of pulling through due to immunotherapy. Unfortunately some complications led to the worst outcome and we lost an amazing woman.

I remember that my wife said once that everything she had on that journey was on the shoulders of those before. So maybe in some small way she helped with the research and a future mother, sister, wife, husband, son, dad will have hope where there was none.


The compute moat is getting absolutely insane. We're basically at the point where you need a small country's GDP just to stay in the game for one more generation of models.

What gets me is that this isn't even a software moat anymore - it's literally just whoever can get their hands on enough GPUs and power infrastructure. TSMC and the power companies are the real kingmakers here. You can have all the talent in the world but if you can't get 100k H100s and a dedicated power plant, you're out.

Wonder how much of this $13B is just prepaying for compute vs actual opex. If it's mostly compute, we're watching something weird happen - like the privatization of Manhattan Project-scale infrastructure. Except instead of enriching uranium we're computing gradient descents lol

The wildest part is we might look back at this as cheap. GPT-4 training was what, $100M? GPT-5/Opus-4 class probably $1B+? At this rate GPT-7 will need its own sovereign wealth fund


> a shared ledger implemented with traditional databases / protocols would be faster, easier, and more transparent.

Stablecoin is not a technology. It's an excuse. An excuse to do what banks do while not being regulated like a bank or using the infrastructure banks use. Similar to how Airbnb is not a technology but an excuse to do what hotels do without a hotel's license.

So it makes no sense to compare it to a database, a technology.

Will this excuse work? Banking is a heavily regulated field so it's less likely than Airbnb, but it's ultimately up to lawmakers.


Can someone that is actually interested in this explain the appeal? Thin on its own I get but thin with a giant bump 100% defeats the whole point for me. Seems clear at this point there is little hope of them engineering their way into thin cameras.

One of the most insidious parts of this malware's payload, which isn't getting enough attention, is how it chooses the replacement wallet address. It doesn't just pick one at random from its list.

It actually calculates the Levenshtein distance between the legitimate address and every address in its own list. It then selects the attacker's address that is visually most similar to the original one.

This is a brilliant piece of social engineering baked right into the code. It's designed to specifically defeat the common security habit of only checking the first and last few characters of an address before confirming a transaction.

We did a full deobfuscation of the payload and analyzed this specific function. Wrote up the details here for anyone interested: https://jdstaerk.substack.com/p/we-just-found-malicious-code...

Stay safe!


The lid angle sensor is also serialized to the motherboard: you cannot replace it, or the motherboard, without performing calibration, which can be performed by an apple authorized service provider, or alternatively, in Europe (and elsewhere where Apple offers parts for self-service repair), you can purchase the sensor from Apple, connect the machine to the internet after replacing it, to then perform the calibration, only if the sensor was purchased from Apple.

So the hardware is capable of performing the calibration, Apple just does not graciously grant you the right to install a recycled or third party sensor in your machine.

https://www.ifixit.com/Answers/View/759262/Torn+Lid+angle+se...


But we have to make an effort in the United States. We have to make an effort to understand, to get beyond, or go beyond these rather difficult times.

My favorite poem, my -- my favorite poet was Aeschylus. And he once wrote:

"Even in our sleep, pain which cannot forget falls drop by drop upon the heart, until, in our own despair, against our will, comes wisdom through the awful grace of God."

What we need in the United States is not division; what we need in the United States is not hatred; what we need in the United States is not violence and lawlessness, but is love, and wisdom, and compassion toward one another, and a feeling of justice toward those who still suffer within our country ...

We can do well in this country. We will have difficult times. We've had difficult times in the past -- and we will have difficult times in the future. It is not the end of violence; it is not the end of lawlessness; and it's not the end of disorder.

But the vast majority of [people] in this country want to live together, want to improve the quality of our life, and want justice for all human beings that abide in our land.

And let's dedicate ourselves to what the Greeks wrote so many years ago: to tame the savageness of man and make gentle the life of this world. Let us dedicate ourselves to that, and say a prayer for our country and for our people.

Bobby Kennedy, 1968

https://www.youtube.com/watch?v=A2kWIa8wSC0


I 100% agree. I've run into the same issues, and I would never use Next.js for anything, and I will encourage every team at work to use something else.

In general Next.js has so many layers of abstraction that 99.9999% of projects don't need. And the ones that do are probably better off building a bespoke solution from lower level parts.

Next.js is easily the worst technology I've ever used.


There has been this trend recently of calling Wikipedia the last good thing on the internet.

And I agree it's great, I spend an inordinate amount of my time on Wikimedia related things.

But I think there is a danger here with all these articles putting Wikipedia too much on a pedestal. It isn't perfect. It isn't perfectly neutral or perfectly reliable. It has flaws.

The true best part of Wikipedia is that it's a work in progress and people are working to make it a little better everyday. We shouldn't lose sight of the fact we aren't there yet. We'll never be "there". But hopefully we'll continue to be a little bit closer every day. And that is what makes Wikipedia great.


This is an astonishing victory for Google, they must be very happy about it.

They get basically everything they want (keeping it all in the tent), plus a negotiating position on search deals where they can refuse something because they can't do it now.

Quite why the judge is so concerned about the rise of AI factoring in here is beyond me. It's fundamentally an anticompetitive decision.


If you're going to use SQLite as an application file format, you should:

1. Enable the secure_delete pragma <https://antonz.org/sqlite-secure-delete/> so that when your user deletes something, the data is actually erased. Otherwise, when a user shares one of your application's files with someone else, the recipient could recover information that the sender thought they had deleted.

2. Enable the options described at <https://www.sqlite.org/security.html#untrusted_sqlite_databa...> under "Untrusted SQLite Database Files" to make it safer to open files from untrusted sources. No one wants to get pwned when they open an email attachment.

3. Be aware that when it comes to handling security vulnerabilities, the SQLite developers consider this use case to be niche ("few real-world applications" open SQLite database files from untrusted sources, they say) and they seem to get annoyed that people run fuzzers against SQLite, even though application file formats should definitely be fuzzed. https://www.sqlite.org/cves.html

They fail to mention any of this on their marketing pages about how you should use SQLite as an application file format.
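Points 1 and 2 in working form, as an added example (my code, not the commenter's or the SQLite project's) using Python's standard sqlite3 module: the first function shows deleted text remaining in the raw file bytes unless secure_delete is on, and open_untrusted applies the settings for files from untrusted sources (read-only open, trusted_schema off, cell_size_check, no mmap, a quick_check before use, and SQLITE_DBCONFIG_DEFENSIVE where the Python build exposes setconfig, 3.12+).

```python
import os
import sqlite3
import tempfile

# Constructed sample value; we search the raw database file for these bytes.
SECRET = "constructed-secret-note-7f3a9c"


def deleted_text_still_in_file(secure_delete: bool) -> bool:
    """Insert one row, delete it, commit, and report whether the deleted
    text is still present in the bytes of the database file on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.db")
        conn = sqlite3.connect(path)
        # With secure_delete on, SQLite overwrites freed cell space with zeros
        # instead of leaving the old content in the page's free space.
        conn.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        conn.execute("CREATE TABLE notes(body TEXT)")
        conn.execute("INSERT INTO notes VALUES (?)", (SECRET,))
        conn.commit()
        conn.execute("DELETE FROM notes")
        conn.commit()
        conn.close()
        with open(path, "rb") as f:
            return SECRET.encode() in f.read()


def open_untrusted(path: str) -> sqlite3.Connection:
    """Open a database file received from an untrusted source with the
    hardening settings SQLite documents for that case."""
    # Read-only: a hostile file should never be able to make us write to it.
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    # SQLITE_DBCONFIG_DEFENSIVE disables features that let SQL corrupt the
    # file or the schema; Python exposes it via Connection.setconfig (3.12+).
    if hasattr(conn, "setconfig"):
        conn.setconfig(sqlite3.SQLITE_DBCONFIG_DEFENSIVE, True)
    conn.execute("PRAGMA trusted_schema = OFF")  # schema content is not trusted
    conn.execute("PRAGMA cell_size_check = ON")  # extra b-tree cell validation
    conn.execute("PRAGMA mmap_size = 0")         # no memory-mapped I/O on hostile files
    verdict = conn.execute("PRAGMA quick_check").fetchone()[0]
    if verdict != "ok":
        conn.close()
        raise ValueError(f"database failed quick_check: {verdict}")
    return conn


def count_rows_in_untrusted_copy() -> int:
    """Build a small database (standing in for a received attachment), open it
    through open_untrusted, and return the row count it reports."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "received.db")
        src = sqlite3.connect(path)
        src.execute("CREATE TABLE notes(body TEXT)")
        src.executemany("INSERT INTO notes VALUES (?)", [("a",), ("b",), ("c",)])
        src.commit()
        src.close()
        conn = open_untrusted(path)
        try:
            return conn.execute("SELECT count(*) FROM notes").fetchone()[0]
        finally:
            conn.close()


if __name__ == "__main__":
    print("secure_delete OFF, text recoverable:", deleted_text_still_in_file(False))
    print("secure_delete ON,  text recoverable:", deleted_text_still_in_file(True))
    print("rows via hardened open:", count_rows_in_untrusted_copy())
```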


At $org, we too are undertaking a mandatory RTO order, enforced with door access logs.

People are up in arms, particularly those in our smaller locales, where the offices we have are perfunctory at best.

The rationale is the usual one: collaboration, watercooler chat, unspecific evidence / "research" about productivity (that we are told definitely exists, but is yet to be shared).

I remain baffled by executives' obsession with RTO... C suites are committed to spending as much as possible on real estate and geographically limiting their talent pool. Whilst making workers more tired and less productive.

I still have no idea where it comes from. My best guess is that nobody at that level wants to break ranks with the "collective wisdom" of "investors", which creates a kind of groupthink.

(An RTO mandate is also an excellent thing for a CEO to show investors they are doing, if they are not making money and lack better ideas.)

