This is a non-fiction piece, not really a news story. So not everyone's cup of tea. Joan Didion style. I enjoyed it.
I would summarize it as not being about AI per se. It's nominally about "rationalism," or the inclination to boil everything down to mathematics to an extreme degree. The story points out a growing subculture of rationalists who have become quite radicalized.
For a community like HN, which (rightly, IMO) places high value on rational and critical thought, it can seem strange that there could be a degree at which that sort of thinking is harmful. But there are a lot of examples where taken to an extreme, it can allow people to "rationalize" all sorts of actions. And the article goes into detail about some of the pitfalls this small group fell into.
A side note about my perspective: I studied economics as an undergrad at a time when the Northwestern "pure rationalism" school of thought completely dominated. Some of the conclusions from purely mathematical models built high on dubious assumptions were ridiculous on their face. But anything outside that dogma was heresy and treated as such. Academics were shunned, careers ruined.
It was a few years later that "behavioral economics" began to make inroads. The moniker of "behavioral economics" itself was to distinguish it from "real economics." Alas (for the establishment), behavioral economics proved very popular, and the genie was out of the bottle. It turns out mathematical equations are not all-powerful when it comes to describing certain phenomena, especially when it comes to individual or collective human behavior.
Collective blind faith in models built on dubious assumptions is what gave us the mortgage crisis.
And then the software would never be widely adopted.
FOSS is what it is and the dynamics around it haven't really changed.
What has changed is people wanting the rapid adoption rate possible from being FOSS without actually... being FOSS. I'm sorry, I have zero sympathy. If you want your product to be a paid product, just charge for it. What's that? No one would try it? Just give a free trial. What's that? Not enough people would use it for there to be this large community of people providing help, and tutorials, and addons/extensions/plugins, etc.?
The freeloaders are the people releasing their software as FOSS, using the community to get big, and then wanting to change their minds about it.
You can also use webhooks to deploy with each GitHub push. The advantage over GitHub Actions is you don't have to store any secrets on GitHub or with integrators like Vercel. Just send a payload to your own endpoint each time a commit is made, and that can trigger your shell script to rebuild and deploy. Using symbolic links helps make it more robust to errors. Trigger a pull of the repo, and build. Only if the build is successful, move the symbolic link of your production app to the new build. This also allows keeping some history of builds in case you ever need to troubleshoot.
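As an added illustration of the build-then-switch step described in the comment above (not the commenter's code, and in Python rather than the shell script the comment mentions): `deploy`, the `releases/` and `current` names, and the build command are all assumptions. The build command stands in for the pull and build, and the production link moves only when it exits successfully.

```python
import os
import subprocess
from pathlib import Path


def deploy(root, release_id, build_cmd):
    """Build into releases/<release_id>; repoint 'current' only on success.

    root, release_id and build_cmd are hypothetical inputs: the webhook
    handler would pass a commit id and the real pull-and-build command.
    Returns True if 'current' now points at the new release.
    """
    root = Path(root)
    release = root / "releases" / release_id
    release.mkdir(parents=True)  # refuses to reuse an existing release id

    # Run the build inside the new release directory.
    result = subprocess.run(build_cmd, cwd=release)
    if result.returncode != 0:
        # Failed build: production link is untouched, and the directory
        # stays on disk as build history for troubleshooting.
        return False

    # Create the new link under a temporary name, then rename it over
    # 'current'. rename(2) replaces the old symlink in one step on POSIX,
    # so a request never sees a missing or half-written link.
    tmp_link = root / (".current." + release_id)
    tmp_link.unlink(missing_ok=True)  # clear debris from an interrupted run
    os.symlink(os.path.join("releases", release_id), tmp_link)
    os.replace(tmp_link, root / "current")
    return True
```

Rolling back is the same rename pointed at an earlier directory under `releases/`.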
Larry Summers has a track record of not believing in market failures, just market opportunities for private interests. Economists vary vastly in their belief systems, and economics is more politics than science, no matter how much math they try to use to distract from this.
This doesn’t seem like a real fix for the issue. This brings the number of spoofable sites way down from all MC users to just those who send mail through CF. But it is still a big vulnerability.
For any domain that is using MailChannels through Cloudflare, you can see what region they are using. And you can continue to spoof them. You just have to do it from the same region.
And this is terrible positioning from Cloudflare's POV. Why would anyone send email through a CF worker since it requires advertising through a public record (DNS) that is by design accessible/scrapable by bots that you are using an insecure service? It's like asking people to spoof you.
I don't get why CF doesn't do something more sensible, like limit sender addresses to domains that are already set up in the Cloudflare account where the worker was created. Basically every other provider does this.
This might be the impression on first glance because it uses the word "state." But keep reading, and it's much more akin to what Solid is doing. In fact, the new docs openly credit the work Solid's team is doing. They also credit Knockout's approach from way back in 2010.
Under the hood it's doing something more similar to Solid, but the API exposed is a step in the direction of React (it doesn't expose the signals to the user). It's not quite React either because there's no 'setter', just a different way to opt in to reactivity which also (IIUC) makes it possible in .js/.ts files.
For a second, ignore Hooks, Signals and Runes, and look at the way Runes were presented in the video "Introducing Runes.. with Rich Harris". You will find this presentation very similar to but much shorter than "React Today and Tomorrow and 90% Cleaner React With Hooks" video. Both of them talk about:
1. primitives for managing state - $state vs useState
2. removal of lifecycle mechanisms - onMount vs componentDidMount
3. replacing lifecycle mechanisms with new primitives - $effect vs useEffect
It's like the Svelte team took a leaf out of React team's book on how to upgrade a framework - this is evident by the way these features are presented as opt-in like how React marketed Hooks as opt-in. I would go on to predict that the upgrade to Runes will be just like the upgrade to Hooks. Developers will use it and then love it - because it presents improvements to the way codebases will be structured and maintained just like React did with Hooks. This is really a Hooks moment for Svelte. Good job Rich and the Svelte team!
I used to think info about whether an account exists should not be leaked in the password reset flow, and I designed sites this way, but then someone pointed out that in practice a hacker would then just move to the account sign up flow to check for the existence of an account. (If account exists, you cannot make another with that email on most sites.) I never had a good response for that. I now lean toward the idea that not providing info is just not worth the bad UX.
> If account exists, you cannot make another with that email on most sites.
Many sites require you to verify your email before you can use your account. If you wanted to avoid leaking whether an account existed, you could show them a message like "if this account doesn't already exist, a message has been sent to your email asking you to verify it". If the account did exist, you might send an email like "someone tried to create an account with your email".
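An added sketch of the sign-up flow suggested in the reply above, not code from either commenter: the page shows the same text whether or not the address is registered, and the difference is visible only in the mailbox of the address owner. `SignupService`, the message kinds and the in-memory outbox are hypothetical stand-ins for a real user store and mail queue.

```python
import secrets
from dataclasses import dataclass, field

# Shown on the sign-up page in every case, so the response body cannot be
# used to tell a registered address from an unregistered one.
GENERIC_REPLY = ("If this account doesn't already exist, a message has been "
                 "sent to your email asking you to verify it.")


@dataclass
class SignupService:
    accounts: set = field(default_factory=set)    # verified addresses
    pending: dict = field(default_factory=dict)   # token -> address
    outbox: list = field(default_factory=list)    # (to, kind, token)

    def sign_up(self, email):
        address = email.strip().lower()
        if address in self.accounts:
            # Existing account: tell the owner, not the person at the form.
            self.outbox.append((address, "signup_attempt_notice", None))
        else:
            token = secrets.token_urlsafe(32)
            self.pending[token] = address
            self.outbox.append((address, "verify_new_account", token))
        # Both branches queue exactly one mail and return the same text.
        return GENERIC_REPLY

    def verify(self, token):
        """Create the account only once the mailbox owner presents the token."""
        address = self.pending.pop(token, None)
        if address is None:
            return False
        # Drop any other outstanding tokens for the same address.
        self.pending = {t: a for t, a in self.pending.items() if a != address}
        self.accounts.add(address)
        return True
```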
I work a lot with startups/small companies, but not necessarily tech savvy ones. They have a hard time understanding at first why they are so targeted with phishing attempts. Oftentimes, leadership comes from big roles at larger companies, and they are anchored in their previous experience at big company. They don't understand why anyone would bother targeting little co.
I try my best to explain why little co is actually a far more ideal target. They are hiring quickly, and unlike at a big company, it is likely that even junior new employees might expect to have some interaction with the CEO. An email supposedly from the CEO at big company would be obvious spam for most employees, but not at a startup. And the information exists to make these targeted emails believable, and IT ALL COMES FROM LINKEDIN.
As soon as a new hire updated their employer to little co on LinkedIn, they would be targeted relentlessly.
ignorant question perhaps, but what makes the CEO of a small company so much juicier a target than a senior manager or director at a large one? both could have access to sensitive info, ability to spend a lot of money before it's noticed, etc.
At any given level, people in startups tend to have more actual power/authority, with fewer or no processes or procedures already in place to slow them down. This is part of why startups are effective at building/changing things, but it's also a social engineer's dream.
React borrowed these concepts from Solid, SvelteKit, and Remix.
Not that there's anything wrong with that. It's pushing things forward. (And by forward, I mean, yes, also a little backward. We had server-side dominance with PHP, etc., then frontend-only with Vue/React… Now we finally get to serve our cake and consume it, too.)
I sometimes hear snarky comments about the proliferation of all these frameworks. But here is the tangible benefit of that “competition.” (Really more cooperation than competition)
More like React scrambled to add a feature to check a box in a comparison chart with the upstarts no matter how cumbersome or disruptive the API changes ended up relative to existing codebases.
The new frameworks were poised to eat React's lunch, they knew it, and they needed something quick to hold back the rising tide.
They may succeed, but only due to inertia, not a better/cleaner solution.