Hacker News | arrsingh's comments

It’s an approach that works and I’ve thought of implementing the same thing but stopped short because I feel it just pushes the underlying problem around. Now I have to share my creds with a black box that I know very little about and it’s not a real vault.

This should be solved by the vaults (HashiCorp / AWS Secrets Manager).

The one thing that I did build was based on a service that AWS provides (AWS STS) which handles temporary time bound creds out of the box.

https://timebound-iam.com


It took me a minute to recognize this as satire (thank you HN comments). However it does actually make sense - maybe this could be a way for OSS devs to get paid.

What if we did build a clean room as a service but the proceeds from that didn't go to the "Malus.sh" corporation, but to the owners / maintainers of the OSS being implemented. Maybe all OSS repos should switch to AGPL or some viral license with link to pay-me-to-implement.com. Companies that want to use that package go get their own custom implementation that is under a license strictly for that company and the OSS maintainer gets paid.

I wonder what the MVP for such a thing would look like.


This site is not satire. You can actually pay on Stripe and it will create code for you. The site is written with satirical language but it is a real service.

Being real doesn't make it not satire.

Yes but all of the commenters think this is a fake site created ironically. It isn't. It is a company doing the evil thing it is mocking.

I consider this a form of performance art. To really expose the absurdity of the system, you can't just point at the cracks; you need to actually stick your fingers in.

Yes it's even more effective this way IMO, we will probably see some 11/10 mental gymnastics from people condemning this and failing to apply the same standards to billion-dollar corps.

Part of the point here is that the systems are fundamentally broken, more broken than they were before when we already thought they were broken. Some people look at that and think "I suppose we should keep propping this system up as much as possible; the less propping the more immediate harm is caused to people/infrastructure/society".

The people behind this site/talk clearly don't buy into that. The way they see it, a reckoning must come. We might as well get it over with as soon as possible. Rip off the band-aid so to speak. So maybe we should shake the system and show that it's falling apart.


If doing evil things satirically with extremely poor result, does that become a positive outcome?

I mean maybe you can pay, it can just use some 8B model to give you unsubstantiated crap.


Sell the same thing you pretend to be satirizing, and HN is making it go viral for free, real smart move there guys.

The numbers on the front page are for sure a joke.

Unless they already burned 20000% of their runway on tokens.


.... did you give them money? Brave!

I am only 50% certain that your idea is expanding on the satire, if not: project owners can provide dual licensing. I'm sorry if you are serious and didn't understand you.

You need a legal contract with every contributor to be able to offer dual licensing. That's impractical for some types of projects

Not if you have a CLA. I realize that ship has already sailed for just established projects, but still

I was going to say "this is just a license"

"We offer a commercial license to a worse version of our software that may contain bugs. Enjoy!"

After bogo-sort, it's the most badness-maximising "solution" I've ever come across. Why bother asking for the creator's consent to copy and run the original bytes, when you could instead ask for their consent to have a robot that no one understands and could potentially do anything read a few paragraphs of text describing what those bytes do, imagine how it might work, and try to build something resembling that from scratch, using a trillion or so times more energy.

What about my latest algorithm, VibeSort

    // VibeSort
    let arr = [51,46,72,32,14,27,88,32];

    arr.sort((a,b)=>{
      let response = LLM.query(`Which number is larger, number A:${a} or number B:${b}. Answer using "A" or "B" only, if they are equal, say "C".`);
      if(response.includes('C')) return 0;
      if(response.includes('B')) return -1;
      if(response.includes('A')) return 1;
      return 0;
    });

    console.table(arr);

The energy thing won't sail. A backhoe or front-loader uses far more energy than the equivalent human labor, but having higher energy solutions available is what technological civilization does.

Arguably Cowen's "Great Stagnation" was driven primarily by not embracing higher energy provision in the form of fission.


Copyleft was intended as a principle to keep the software free (as in 'freedom'). Proposing to lock out certain areas of the codebase is directly opposite to this principle.

LOL. Same here. But the footer disclaimer and testimonials gave it away immediately:

> "We had 847 AGPL dependencies blocking our acquisition. MalusCorp liberated them all in 3 weeks. The due diligence team found zero license issues. We closed at $2.3B." - Marcus Wellington III, Former CTO, Definitely Real Corp (Acquired)

> © 2024 MalusCorp International Holdings Ltd. Registered in [JURISDICTION WITHHELD].

> This service is provided "as is" without warranty. MalusCorp is not responsible for any legal consequences, moral implications, or late-night guilt spirals resulting from use of our services.


I almost lost it, didn't realize it was satire until I came back to these comments

This site is not satire. You can actually pay on Stripe and it will create code for you. The site is written with satirical language but it is a real service.

Satire And Performance Art no less.

This could work out great, because the OSS devs can focus on building their project instead of marketing to businesses, running sales processes, consulting on implementation and supporting the implementation. No need to find corporate sponsors either.

> satire

I'm sure they've already received offers from investors who wish to build the next torment nexus.


If you don't have any contributors, you could just directly relicense without rewriting the whole codebase. If you do, it would be rude to do this.

Lol so instead of paying maintainers who already built the thing you want, we instead charge you to use AI to make countless copies of maintainers’ work and direct the profits back to the maintainers? That sounds like true satire.

There should be a "flag as AI" link in addition to "flag" and then a setting for people to show flagged as AI. Once the flagged as AI reaches a certain threshold then it disappears unless you enable "Show AI".

Maybe once enough posts have been flagged like that then that corpus could be used to train an AI to automatically detect content generated by AI.

That would be cool.

Maybe the HN site wouldn't add this feature but if someone wrote a client then maybe it could be added there.


We're going to add that. I've resisted adding reasons-for-flagging for years, but even I can change my mind every decade or so.

A nice side effect is that it will double as a confirmation step, solving the FFF (fat finger flagging) problem.


> We're going to add that. I've resisted adding reasons-for-flagging for years, but even I can change my mind every decade or so.

You need a reason that means "this person is talking about something helpful that an admin needs to fix." Flagging currently has a negative connotation (too many flags and the comment gets deleted), but sometimes you want to flag a comment that says something like "the link is broken and should be X" to just bring it to admin attention without the implied negative judgement.


Flag as AI would be incredible and is probably unique to software-focused forums. Saves everyone who wants it a lot of time. Still allows cool content to reach the front page with some visibility or escape some moderation queue.

Thanks for not standing still on this issue. The world is changing, fast, and glad HN responded quicker than some forums on a cogent stance.


> it will double as a confirmation step, solving the FFF (fat finger flagging) problem

Thank you!!!


Could it be also a toggle to skip/not show any AI-generated content? And all child branches?

That might take me another decade.

I'm joking, but we've always resisted partitioning HN. Here are a bunch of past explanations about that: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...

I do sort of like the idea (suggested by mthurman) that we let users prompt HN to be the kind of HN they want. That could be the ultimate dump of long-requested features (dark mode! tags! blocklists!)


Will there be a process or opportunity for mis-flagged comments' posters to prove their comment was human generated?

Or will they have to simply eat the karma hit and move on?


Anyone can email hn@ycombinator.com and ask us to take a look either way.

Thanks, that's good

Do commenters even know whether their post was flagged as anything?

I mean my comments may have been flagged or I may even have been shadowbanned but I never look at old comments to check.


Annoying as downvoting is, it's limited to -4.

My radical opinion is there shouldn't be 2 flags, there should be N flags, user defined, so that we can flag humor/satire/factuality/insight/political and a bunch of other things. I fully realize that's not going to fly any time soon.

Adding AI in addition to the standard up/downvote and flag seems a reasonable thing.


That sounds like /.'s moderation system. Not that I disagree, theme based filtering could be fun but also encourages things like meme threads that you'd see on reddit under the guise of "Just filter funny out and let us have fun".

The issue with N-flagging is that every flag needs to be universally-defined and equally applied.

If one person's humor is another person's satire is another person's political, then splitting it into N options muddles the signal.

Downvotes are bad enough between "I disagree with this" and "This isn't an appropriate comment for HN."


I think you're thinking of flair like on reddit, flag is more of a 'report spam' type feature.

I think the up/downvote system is good enough for that - good posts go up, bad posts go down, really bad posts that nobody should see and whose poster should get banned get flagged.

Flags are a signal to the moderation system. What does it mean to "flag" something as "factuality" or "satire"?

I should have said "ratings" instead of flags, my bad.

‘Flag’ is an algorithmic flag only, and there are no humans in the flag algorithm’s processing loop. They may monitor and react to the ‘queue’ of flagged articles, and they can do special mod things with flagged posts. But if you want to report a guidelines violation for AI-assisted writing to the mods, just email the mods (contact link in the footer) subject “AI-assisted writing flag” or similar with a link to the post/comment. It works, I know, I’ve done it before. It takes maybe 60 seconds and there is no other way on the site (seemingly by OG design!) to guarantee human review but that email.

> It works, I know, I’ve done it before. It takes maybe 60 seconds and there is no other way on the site (seemingly by OG design!) to guarantee human review but that email.

It's a ton of friction compared to ordinary use of a forum; and while I've emailed several times myself, it comes with a sense of guilt (and a feeling that my "several" is probably approximately "several" above average).


Valid. It’s a big drawback of HN. I find it helps to report a perceived guidelines violation in “seems like” language rather than “is”, without demanding a specific mod outcome, in cases where I’m uncertain. That is noticeably distinct from “this is completely unacceptable” which I’ve said in a couple of instances, though I still tend to let the mods pick the outcome since that’s their job and I make a specific effort not to participate in sentencing decisions if at all possible.

ps. I acknowledge as well that I’m exempt from feeling guilt for brain reasons, and so if it sounds like I’m not honoring what I would describe as a ‘completely normal’ human response, apologies; I’m trying my best given the lack of familiarity and intend no disrespect towards that reaction.


Never occurred to me to try that, because I assumed I would get banned for doing it, until today.

Nah, as long as you aren’t demanding and rude, you’ll either get a reply or not, and if you get a reply, it’ll either be “we’ll look into it”, “we looked into it and acted in some way”, or “we looked into it and decided it isn’t actionable”; often with some supporting explanation.

(I suppose if you open with e.g. “wtf is wrong with you mods” they might well ask you to reconsider your approach or else clock a ban — I’ve never tried that!)


I’ve actually been thinking about this exact idea for https://hcker.news/. Stay tuned, I’ve already started rolling out some comment filtering.

Oh I didn't know about this. Very cool. Is hcker.news only on web? Or is there a mobile app as well?

No app right now but it works well as a PWA.

I think the way it's supposed to work is the agent (AI) will email the recipients saying "Bob is available Thursday at 8:00 AM or Tue at 9:00 AM"

Then the recipients can reply to the email thread with "Thursday works".

Not affiliated with vela - just what I understand from their site and the comments on this page.


That's absolutely correct @arrsingh. Apologies for the gaps.

Age Verification is very hard to do without exposing personal information (ask me how I know). I feel it should be solved by a platform company - someone like Apple (assuming we trust Apple with our personal information but seems like we already do) - and the platform (iOS) should be able to simply provide a boolean response to "is this person over 18" without giving away all the personal information behind the age verification.

Now the issue of which properties can "ask to verify your age" and "apple now knows what you're looking at" is still an unsolved problem, but maybe that solution can be delivered by something like a one time offline token etc.

But again, this is a very hard problem to solve and I would personally like to not have companies verify age etc.


I think item #2 in your list is the real kicker here. Given that AI can write code the threshold for "trivially replicable" is going down.

Unless your thing has strong network effects or a large capex requirement (ex: GPU infra) it's easily replicated and I think that's really what makes things hard.


Most business software that was truly trivially replicable with AI, was already trivially replicable with the prototyping tools we had available.


This is not new. When I started my first company in 2012 it was bootstrapped and getting anyone to pay attention to what I was building was almost impossible. I had to pound the pavement and meet people in person at coffee shops and pitch to get my first few users.

Then when I raised from a16z and had some money in the bank it didn't get any easier. The money didn't help (maybe it wasn't enough). Ad spend or content marketing or paid channels were all hard regardless of the free vs paid.

Maybe I just wasn't good at it.

That was before AI and you had to manually pound the bits into place.

Now with AI yes there are a lot of people shipping a lot of things but humans can tell when someone's put effort into something vs not and the time to traction is still as high as it always was.

Someone should do some analysis on number of things that go "viral" or gain adoption quickly today vs 5 / 10 years ago.

Getting traction has always been hard. That's just business.


Maybe there should be some sort of filter for certain high volume post types - for example: GitHub repos. A GitHub Repo (or OSS) project must have a certain number of stars / forks / watchers whatever before it will appear on Show HN.

If you can't get at least 20 stars then it's probably not ready for the wider world to see it.

I'm sure there's problems with that approach but the current situation doesn't seem to be working.

Disclaimer: I tried to do a Show HN today and it didn't make it (and to be fair I wouldn't have made it past the filter I proposed above so I guess it's working).


I actually did this (around 2006) after reading this article by Joel and I was skeptical but I used Excel and wrote down all the tasks that needed to be done and kept breaking it down till each task was in hours.

It took me a few hours to do and as Joel says in the article, it was not a fun thing to do (jumping right into code was more fun) but I stuck with it and did the whole thing.

Then I followed that list of tasks and kept track of when tasks started and ended and I was pleasantly surprised when after a few weeks the project was done right on schedule as predicted by the Excel sheet. So my experience (data point of 1) was that it works if you do it exactly how he says to do it in the blog post.

I did it only that one time so take that for what it is.


I was in the same boat as you. I tried Fastmail and they have a really great tool that just did it. I was skeptical but after I tried it I was very pleased. Give it a shot.

