Not everything is about money. People were doing it, so they clearly had a motivation of some sort. I'm sure that some folks did it for themselves - just like writing a diary - but many others wanted to make new friends, earn praise, teach others, and so on.
If nothing else, LLMs have an indisputably negative impact on the second part. Fewer people will make it to your website if there's an AI digest on top of search results (or if they can skip search altogether by asking ChatGPT).
Yes, but here's the realization I had some time ago: no one cares. The billions of people online don't care. The internet is overwhelmingly accessed from mobile devices and used chiefly for shopping, scrolling through TikTok, watching Netflix, swiping on Tinder, and so on. More importantly, we don't care, not really. We pay lip service to it, but what have we done to foster the open / small web today?
Many of us work at companies that aren't moving the needle in the right direction, and in our free time, we seem to be content debating AI-generated think pieces and press releases from AI vendors. As I write this, in the top ten HN stories, I see press releases from Deepmind, Cursor, Tailscale, and Qwen. Even when commercial interests don't dominate and someone's passion project makes it to the top, how often do we offer meaningful encouragement or support?
The "old web" is something we like as an abstract idea, but in reality, we don't lift a finger to preserve it. I'm guilty too. When I'm done writing this comment, I'll probably go back to doomscrolling on walled-garden social media for a while.
> When I'm done writing this comment, I'll probably go back to doomscrolling on walled-garden social media for a while.
I won't. I don't do social media. I have a Facebook account but I never use it. I don't even have a Twitter account. I don't use TikTok or any other such apps. If I'm using my smartphone and it's not for a call, texting, or an essential app like my bank's, it means I'm reading an e-book on it. (It's true that I get most of my ebooks from walled gardens--Google and Amazon. Unfortunately the vast majority of freely available ebooks are simply unreadable because of crappy formatting. But it's still not social media.)
But I'm an extreme outlier. I wish I weren't, and to be honest I'm not sure I understand exactly why I am. But that's how it appears to be.
How many times must we trundle underfoot this lazy canard that HN is social media. A link aggregator with comments is not what anyone thinks of for that term.
I mean, there is discussion and a sense of community here. I’m not sure what exactly defines social media, but this is more than just a link aggregator.
> there is discussion and a sense of community here
That's been true of discussion forums for longer than the Internet has been available to the public. I was on discussion forums over dialup in the 1980s. The term "social media" didn't even exist yet, nor did the business model of trying to monetize people's online data.
Old forums weren't called social media. I think for it to be social media it has to be about your social graph; here on HN I almost never read people's names and I don't really connect with people, so it isn't social media, it's just media with comments.
If I could subscribe to people's feeds and such then it would be social media, but HN doesn't have that feature.
There's a massive whitewashing of what "social media" is. I don't feel there's one singular definition but I could be wrong, maybe I am the one who missed the boat. But I'd really love to see it quantified more.
e.g. "Social media leads to addiction!" - ok take Facebook
Are you referring to
a) non-chronological feeds? Who knows what posts you'll actually find? You come back for more. You can't just log off for a week and come back and the most recent posts are there (you don't even see everything, the platforms regularly hide stuff). That's certainly addiction
b) fake notifications? That's fraud, and certainly addiction
c) the corollary of a), you don't know who's seen your posts so your mental model gets shaped. That's certainly addiction
I would say "social media" is a site that is trying to monetize your data, and using convenience as a lure to get you to give it your data to monetize. ("Data" here includes everything you post there.)
I would say social media is any website where the connections between the participants are as important or even more important than the content. As soon as you get 'followers' it is game over.
The first Google search hit for the UK variant of the law[1] says this:
This includes a range of websites, apps and other services, including social media services, consumer file cloud storage and sharing sites, video-sharing platforms, online forums, dating services, and online instant messaging services.
> Was Facebook social media before it started adding ads or not?
AFAIK it's had ads for practically its entire existence, and other than venture capital investments, ads have always been virtually its entire revenue.
Depends on what you consider "practically its entire existence": the same could be said of Google Search if we are looking at how long they did not compared to the rest of the time, but I distinctly remember the period when they did not and when I recommended them to my entire social circle as The Search Engine (compared to Yahoo, Altavista, MSN or whatever else was there at the time) or The Social Network (compared to MySpace, I can't remember anything else that was comparable).
To be honest, I'm not sure I even understand what the term "Open web" is supposed to mean?
Does it mean that each individual and company is hosting their stuff on their own physical hardware? Is it OK to use say AWS?
Does it mean that Facebook is the Open Web as long as you work at Facebook? But it's not if you don't?
Is any site with a login "not the open web"? So if I'm hosting on my own metal, paid for by paying subscribers, then I'm not Open Web?
To your point, I think no one cares because the term is so meaningless that it's irrelevant. Actual real people aren't interested in some technical distinction which is completely unrelated to their goals for being on the web in the first place.
It seems to me that the whole concept of "Open web" is so poorly defined, and the reasons for caring so obscure, that it pretty much never comes up anyway. Joe Public doesn't care because there's no reason to care, and he doesn't even know it's "a thing".
I know indie web camp has a thing against hosting services and probably the small web people would also say blogspot and wordpress and wix are too corpo.
So imho drawing the distinction at not requiring payment/login works as an open web definition. And if self-hosting is a requirement for some people, there are other terms to use.
Youtube, Substack, Medium and the like are open-ish. They're far more of a heavyweight platform than a web host or publishing tool. They could become walled with the flip of a switch. And they can be ad-walled which is testing the limits of openness.
I feel like you're describing pretty much every industry ever.
You could be talking about food, or insurance or cars or planes or health or (dare I say it?) politics.
Of course there are well understood commercial reasons for industries consolidating. Primarily because consumers prefer it.
But while your post is good on rhetoric, it still lacks the concrete definition I seek. Specifically what hardware, OS, VM software, site-creation tools, subscription options, advertising networks, payment processors, and so on must I use to reach "Open web" status?
You're describing a world, which is a fair desire. But when I go to the local bakery to pitch an online presence, what exactly am I pitching, and how does this pitch serve the goals of that bakery?
I get the concept of this at a principle level. But how does it play out for you? I mean, to what extent do you succumb to the monoculture because while principles are good, you live in the real world?
So, like, what phone OS do you use? There's not much choice but did you choose Android over iOS because it's more open? Or did you go the whole way and use PalmOS or Symbian? Do you pick airlines based on what planes they fly? Do you choose Bing over Google?
I say this not to judge but rather to highlight the wide gap between principle and reality. We live in a real world, and the world consolidates behind a small number of providers because that has proven to be a beneficial strategy. (And yes, those providers can then abuse us.)
But I don't want to choose between 20 political parties, or 10 credit card processors or have to build apps for 15 phone OS's.
The sadness of losing the early days of choice and wildness is not limited to the web. Before that we lost the 20 brands of PC (all with custom OS) that we had in the 80s. Every new industry goes through this process, and every generation misses the wild heady days of its youth.
I don't have a smart phone or a mobile phone .. and yes, I do stay in touch with a good many people via land lines, email, some encrypted apps, radio and IRL face to face conversation.
I pick aircraft for their stability at near ground level flight, Cresco STOL's for example, and/or ability to land on water, have high wings, mostly twin props, etc. Quite fond of Robinson R22 and Cabri G2 helicopters.
Typically elections here have 10 or so parties, three or four major parties, several minor single issue parties, and 10 or so independents in many districts. It's a preferential ranked voting system that allows you to 1, 2, 3 your main interests and tail off there if that's all you care to do.
I still largely use paper maps (despite having processed a great deal of digital GIS data into digital mapping pipelines).
So, yeah - we're happy being off to the side and not part of the great urban monoculture.
Props to you, you're further along that track than I am. Running a business has been one of the main obstacles to cutting more of these ties. But it's getting there.
Props to my father, really - he's still kicking along, born in 1935, and fairly adept at living in places that lack any modern urban infrastructure.
Although, TBH, he's fallen prey to the clutches of the iPhone (sans any account stuff and pretty much limited to phone calls, text messages, and logging his daily walks).
I am working with smart phones for other people, they're more and more integrated with tractors, drones, boom sprays, ag equipment .. but many people are mindful of routing data and control through { cloud } which often means the US and are still attached to ways of working that can still work when { stuff breaks }, like internet connections, US clouds.
Fuel and fertilizer is a big issue ATM .. there are a lot of people all wanting to seed separate 4,000 Ha farm blocks ATM - and that ability to do or not do so will have a rolling impact about the world in a few months.
I've been telling everybody around me to prepare for a massive price increase in various must-haves because I don't see how we're going to avoid that.
Fertilizer and fuel are a massive problem and once reserves run out (and we're not that far from that depending on where you live, in some places we're already there) the problems will multiply very rapidly. Trump is the biggest idiot that ever sat in a seat of power and the whole world (but of course, as always, the poorer parts first) will end up paying the price, and if the harvest is bad quite possibly the ultimate one.
( Yes, I realise that'd entail the kind of hard physical long hour labour my father grew up with .. but the means are there and the kids and grandkids are all pretty fit )
> Do you pick airlines based on what planes they fly?
I stopped flying entirely.
> Do you choose Bing over Google?
Still using Google but working very hard on moving away from it.
Yes, I too live in the real world and I'm a really annoying customer for banks, insurance companies and my government by insisting they serve me without bending over and adopting some eco-system that I do not subscribe to. I have a need to interact with my bank, my government, my insurance company and my kids schools and I point blank refuse to be sucked into any of their app driven eco systems.
I applaud your dedication to not succumbing to the appification of everything.
Unfortunately you are an outlier and society is not built for outliers.
Equally, unfortunately, the opinion of outliers does not really help the argument for a more open web. Yes there's some small number of people on mastodon but telling my hairdresser to not use Facebook is not terribly useful to her.
> what have we done to foster the open / small web today?
Personally, I did a bunch of labeling of my indieweb index. Hopefully a fair chunk of HN users read a blog or two but it's understandable if the news has stolen a lot of attention.
That's all it takes. Nobody has to quit their day job or create an open Tiktok alternative, the old web just needs patrons (with clicks, comments, or hrefs).
If you prefer the walled gardens, there is nothing wrong with that. But there are a lot of open web contributors out there.
The reason why no one cares is because most well-adjusted adults have never interacted with the web or its many tendrils as much as the patrons of this website (and others like it) have.
> people will finally understand that security bugs are bugs, and that the only sane way to stay safe is to periodically update, without focusing on "CVE-xxx"
Linux devs keep making that point, but I really don't understand why they expect the world to embrace that thinking. You don't need to care about the vast majority of software defects in Linux, save for the once-in-a-decade filesystem corruption bug. In fact, there is an incentive not to upgrade when things are working, because it takes effort to familiarize yourself with new features, decide what should be enabled and what should be disabled, etc. And while the Linux kernel takes compatibility seriously, most distros do not and introduce compatibility-breaking changes with regularity. Binary compatibility is non-existent. Source compatibility is a crapshoot.
In contrast, you absolutely need to care about security bugs that allow people to run code on your system. So of course people want to treat security bugs differently from everything else and prioritize them.
I think part of it is that, especially at the kernel level, it can be hard to really categorise bugs into security or not-security (it has happened in the past that an exploit has used a bug that was not thought to be a security problem). There's good reason to want to avoid updates which add new features and such (because such changes can introduce more bugs), but linux has LTS releases which contain only bug fixes (regardless of security impact) for that situation, and in that case you can just stay up to date with very minimal risk of disruption.
And this is the best-case scenario. Because once updates become opt-out it simply becomes an attack vector of another type.
If the updated code is not open source, you are trusting blindly that not some kind of different remote code execution just happened without you knowing it.
As blind as my belief that Asia exists, because I haven't personally navigated there. Hell, I've used electricity (using it right now), but I couldn't do the experiments you need to do to get myself to an 1850s level of understanding of how it works, much less our current level.
I trust that Linux has a process. I do not believe it is perfect. But it gives me a better assurance than downloading random packages from PyPI (though I believe that the most recent release of any random package on PyPI is still more likely safe than not--it's just a numbers game).
I get what you are saying but as you said, if you are already under attack you can't trust your own computer, you just hope that you aren't downloading another exploit/bogus update. Real software I imagine is not so easy to pwn so completely but I don't know.
> it takes effort to familiarize yourself with new features, decide what should be enabled and what should be disabled, etc.
What features? I update my rolling release once a month and nothing changes for the last 10 ish years. Maybe pipewire/pulse thingy was annoying and bluetooth acted a bit. With docker on rpi I even upgrade the whole zoo of things by just rebooting.
exactly. it is something you genuinely never need to think about, except for once in a blue moon. or, more like once in a leap year. and completely unmeasured by the "we will update it when our [horrific] business processes say it's okay" crowd is the cumulative angst of shit being broken FOR NO REASON. and that is to say nothing of the security vulnerabilities and all the other reasons that exist for updating your software.
but this simply isn't true. everyone thinks "oh well my use cases will never hit any of those bugs", but then there is one person in your org who hits that particular bug and it drives them batty. it is a retro-justification for doing things the wrong way "For the Right Reason". like... no one would be like "NEVER change the oil in your car unless the light goes off". we're not talking about Micro$oft here, where you literally have to pray to your deity of choice every time you click the update button. we are talking about the Linux kernel. i do not even need a thumb to count on one hand the amount of times a kernel update has significantly impacted my life. whereas probably 50% of my Windows updates break at least one of my peripherals, and OS X isn't exactly much better these days.
> Linux devs keep making that point, but I really don't understand why they expect the world to embrace that thinking. You don't need to care about the vast majority of software defects in Linux, save for the once-in-a-decade filesystem corruption bug.
The point is that all of those bugs are now trivial to exploit and so will be exploited
Details are important, but my mental model has settled as: Security bugs are being used in a manner similar to how politicians use "think of the children". It's used as an auto-win button. There are things to me that compete with them in priorities. (Performance, functionality, friction, convenience, compatibility etc); it's one thing to weigh. In some cases, I am asking: "Why is this program or functionality an attack surface? Why can someone on the internet write to this system?"
Many times, there will be a system whose core purpose is to perform some numerical operations, display things in a UI, accept user input via buttons etc, and I'm thinking "This has a [mandatory? automatic? People are telling me I have to do this or my life will be negatively affected in some important way?] security update? There's a vulnerability?" I think: Someone really screwed up at a foundational requirements level!
> In some cases, I am asking: "Why is this program or functionality an attack surface? Why can someone on the internet write to this system?"
With the help of LLMs, every software not in a vault has an attack surface. LLMs are quite good at finding different, non-obvious paths, and you can easily test their exploit candidates.
As tptacek caught on to, I was joking since OpenBSD's published claim is such a convenient comparison to the idea upthread that Linux specifically had a poor track record.
1. That's bollocks. Obvious bullshit. All software doesn't have the same security track record. Do you also think sendmail and seL4 have an equally poor security track record?
2. Even if everything did have an equally poor security track record, why would that mean security bugs are no more significant than any other bug?
Honestly I'm dubious you've thought about this at all.
I didn't say "all software has the same security track record". seL4 has a much better track record than Sendmail by dint of not doing very much. I'm pretty comfortable with what people do and don't think about how much thinking I've done on this topic. Done much work with L4?
Without even wading into trying to rank projects by track record, it's worth noting that "Everything has a poor security track record" and "All software doesn't have the same security track record" are not contradictory statements.
The real story is what's going on behind the scenes. The charges are relatively flimsy (for the reason I mentioned in my other comment). But here's the cool thing: the site is basically taken from Microsoft's playbook. For years, they pretty transparently bankrolled shadowy, single-issue "grassroots advocacy" groups that went after their competitors under flimsy pretenses. These organizations attacked others but somehow never had an opinion about stuff like Windows Copilot.
This feels very similar, except now it's taking a swing at Microsoft. It's apparently paid for by some mysterious "trade association and advocacy group for commercial LinkedIn users" that runs out of a private PO box in a small German town - uh huh. I'm not going to feel bad for Microsoft, but I would love to read some investigative reporting down the line.
> I’m not deeply familiar with what APIs are available for detecting extensions, but the fact that it scans for specific extensions sounds more like a product of an API limitation (i.e. no available getAllExtensions() or somesuch) vs. something inherently sinister
This seems like a really weird argument to make. The fact that the platform doesn't provide a privacy-violating API is not an extenuating circumstance. LinkedIn needed to work around this limitation, so they knew they're doing something sketchy.
For the record, I don't think they're being evil here, but the explanation is different: they don't seem to be trying to fingerprint users as much as they're trying to detect specific "evil" extensions that do things LinkedIn doesn't want them to do on linkedin.com. I guess that's their prerogative (and it's the prerogative of browsers to take that away).
Judging from the fact that 99% of the list seem like data-mining scam apps or spam tools, I suspect that's the answer in these cases too.
If LinkedIn really wanted to profile your religious beliefs, they would presumably go after the most popular religion-related extensions, not some "real-time AI for Islamic values" thing with 6k users.
That kind of money, even if it goes to a single person, doesn't get taken out of the economy. No one puts it under the mattress. It's invested, so it's basically given to other people in exchange for a promise of equity / future returns.
It might not be the allocation of capital we like, but it doesn't disappear.
Well, there is a financial 'sink' - stockpiles and ammunition or other non-reusable military gear are basically the definition of money 'destroyed'. Their political value is almost non-existent actual money. If any, at all.
> stockpiles and ammunition or other non-reusable military gear are basically the definition of money 'destroyed'
Goods like longer-lasting food, medical supplies or a strategic oil reserve are not wasted. The money that went into supplying them has gone back into the economy, and they serve a more strategic purpose than the market participants could have borne (i.e. societal insurance policies). The same could also be said of military stockpiles, and continuing to buy them sustains a capability that is hard to get back once lost.
Those stockpiles weren’t created by putting money into a shredder and getting ammunition out. They were created by paying for the materials and labor. At that point the government’s money is frozen and stockpiled, but the economy still has the money that was spent.
> No one puts it under the mattress. It's invested, so it's basically given to other people in exchange for a promise of equity / future returns.
You make wealth concentration sound like a good thing somehow. This was publicly collected tax money, that will go on to enrich some already rich douchebag.
Even before the hikes, SBCs were $50-$100 a pop, compared to pennies for basic MCUs and maybe $4 for high-performance ones. People were clearly willing to pay 100x more just for familiarity and the ecosystem ("hats", forums, etc). I don't know if 300x is going to make more hobbyists see the light, or just result in fewer of them being able to afford the hobby?
> People were clearly willing to pay 100x more just for familiarity and the ecosystem
This is obviously logical. If I know how to program in Python or JS but not C and am familiar with SSH, I can do something with a SBC in a few minutes.
I get paid $200/hr. If I spent even one hour to learn what I need to deal with a microcontroller, the time cost is four times the cost of materials if I stick with what I know.
How many small projects do I need to do in my free time before it's financially smart to learn a whole new technology?
Most of the "professional" microcontrollers have complicated flashing schemes, expensive bespoke IDEs, and limited language support. Treating a lot of that like a moat around their products.
I find it remarkable that they haven't tried to make all of that easier. Any board with Arduino support is easy to start using, with pared down C++, boards similar to the micro:bit support MicroPython and JavaScript as well as a few others, and a ton of modern development boards have UF2 support.
UF2 is a step change in how easy it is to flash a binary onto a microcontroller. You hold down a button before connecting it to a USB port, and then it appears as a USB drive for you to drop a file onto, once it's done "copying" the board is flashed and will run your code as soon as it resets.
If you want to gain familiarity with a board, you can drop a .uf2 file with a REPL on it and run code on the board a line at a time.
As if it would make sense that spending 2hrs relaxing on the beach or gardening your orchids would cost $400 to you. Money not made is not money spent. If you were doing a hobby project for learning, you were not going to be working during that time anyways, so your hourly rate doesn't matter.
Microcontrollers don't really make sense for hobbyists (unless their hobby is programming microcontrollers, of course). They only make sense when you think about deploying an application at scale, at which point the per-unit price becomes important. OTOH, if your hobby project goes viral and you want to profit from selling SBCs with it preinstalled, a cheaper SBC is a plus, but that's not very likely to happen...
My point is that the FPGA boards are several orders of magnitude more expensive than the actual chip. To be fair you should be comparing between the cost of the SoC and the microcontroller.
I'm not sure your criticism is quite fair. I think everyone here is willing to cut more slack to the underdog. But when your company represents an outsized chunk of the digital economy and employs 10k+ people, and only then says "sooo, let's try to build some sort of a profitable product here", I can see why people are rolling their eyes.
OpenAI also burned a lot of goodwill by pretending to be a nonprofit foundation focused on the betterment of mankind and then executing one of the most spectacular rugpulls in modern history. So yeah, people will be giving them a hard time even if it turns out that the valuation is justified.
There's nothing "basic" about Calculus II. Calculus is uniquely cursed in mathematical education because everything that comes before it is more or less rooted in intuition about the real world, while calculus is built on axioms that are far more abstract and not substantiated well (not until later in your mathematical education). I expect many intelligent, resourceful people to fail it and I think it says more about the abstractions we're teaching than anything else.
But also, prompting LLMs to give good results is nowhere near as complex as calculus.