The loading phase frankly was designed for studies. Studies are often short-term, say 6 weeks. You've got to get everyone's creatine supplies "loaded up" quickly in an effort to make sure the bulk of the study is on folks with relatively comparable creatine stores. The easiest way to do this is to have everyone do a loading phase to reach max intramuscular creatine concentration. It is not for the benefit of the study participants; it's for the benefit of the study.
We humans not in studies are generally looking for a health benefit, not max intramuscular creatine concentration as fast as possible at the price of side effects. We are optimizing for something different than study authors. 5 g is fine.
This sounds intense... I'm a small female and I recently started at 5g a day and now I've dropped down to 2g a day because even at just 5g I was getting signs of dehydration, despite tripling my water intake. It does seem to make a difference in my physical performance so I'm overall happy with it.
Also the NIH fact sheet for creatine specifically recommends against higher starting doses.
I did the 25g a day loading phase and I could not tell any sort of effect at all one way or another. I do lift either more weight or do more reps pretty much every time I work out now. What was repping to failure a month or two ago is not even a working set now.
I don't think you can even do 30g at once in terms of mixing it. Even 5g in water it seems like there's some that will just stay crashed out of solution no matter what. I have done 25g over the course of a day though for a week long loading phase, and didn't notice any ill effects.
I think a lot of the anecdata on creatine is probably from people misplacing confounding issues to the creatine use. People in this thread are talking about heart palpitations or trouble sleeping. Stressful days at work are enough to trigger that.
Creatine isn't water soluble. I just take a 5g scoop daily and wash it down with water. I could do 6 scoops in a row without problem, but not sure what the point would be. The latest research fits with the 5g/day no need to load.
When I first started taking creatine in the late 90s (it had already been heavily studied then as one of the only supplements that improved athletic performance), I would mix it with juice. There were some studies that sugar would help the uptake.
Sorry but I call bullshit. There’s em-dashes all over, even in your original text. Were the editors or translators an AI? Did the editors use AI to “polish” it?
The emojis used in the bullet points (which are missing from your original text, but were added in at some point) are also dead giveaways that AI was involved here.
The em dash "gotcha" is so fucking tiring at this point.
It is perfectly possible, and even easy, to write e[nm] dashes manually. With compose key sequences it's barely more effort than typing a normal dash/hyphen, even. (Just compose key + `-.` for en dash, and `--` for em dash.)
I can't understand why people defend improper typography. If you're writing a proper, professional-looking blog post, they think you now should use double-minus -- instead of em-dash to make it look non-AI like, only for that reason?
In Russia, we have many typography keyboards/addons, because, well, it historically looked very silly to use double-minus or "-quotes instead of «»-quotes.
I've no idea how some countries got their typography standardized on the PCs and have it from the very beginning (Germany with their quotes for example), but the other countries need to set up external software and configuration. Apparently, US also didn't get their "third level" keyboard as a standard.
I used em-dashes before Gen AI was a thing and I refuse to stop using them. Doing so is admitting the AI companies won. I am not going to change the way I write just to appease some terminally online folks who lack the ability to understand that LLMs learned to write from our writings.
Ignoring references, just in article text:
5800 words (spaces);
78 em dashes (1.3%);
0 en dashes;
90 hyphens (1.5%).
English version of same timeframe:
16000 words;
0 em dashes;
32 en dashes (0.2%);
262 hyphens (1.6%).
> The emojis used in the bullet points
They're used in one list, where sub-projects are listed. Emojis used in that list are consistent with ones used for same sub-projects on Wiki https://docs.flipper.net/one
Someone thought it would be better than plain text, that's it.
It is unreasonable to expect “specific complaints” about AI vomit like this, because one of the main issues with AI content is the ability to generate an overwhelming amount of it. It’s simply not feasible to give specific criticisms, because the criticism is with all of it.
It’s like submitting a 10 page pull request to someone and then getting mad because the person didn’t give comments on every single snippet of code. The issue isn’t the snippets of code, the issue is the attitude that led someone to believe a 10 page PR is appropriate to begin with.
> It is unreasonable to expect “specific complaints” about AI vomit like this, because one of the main issues with AI content is the ability to generate an overwhelming amount of it. It’s simply not feasible to give specific criticisms, because the criticism is with all of it.
But how would that make the "I won't read this because it feels like AI" comments more interesting to read?
No one is forcing you to read this stuff, no one is forcing others to read this stuff as well. When I come across text that isn't great, for whatever reason, then I close the tab and move on with my life. Do I have to make it clear to the world what I think of the text in that specific article? Not really, it'll continue spinning like before, and people who want to read it will read it, others like me will just close it.
It sucks that even if the topic of the submission is interesting, here we are now stuck yet again going back and forth if it's worth saying "I don't think that article was human written" or not in the comments, although I'd hope it'd be considered vastly off-topic.
> But how would that make the "I won't read this because it feels like AI" comments more interesting to read?
> No one is forcing you to read this stuff, no one is forcing others to read this stuff as well. When I come across text that isn't great, for whatever reason, then I close the tab and move on with my life. Do I have to make it clear to the world what I think of the text in that specific article? Not really, it'll continue spinning like before, and people who want to read it will read it, others like me will just close it.
I think the point of those comments is to save others that time.
Do you really think it's reasonable to expect every single person to read some piece of slop, and independently make an effort to evaluate it to determine if it's worth reading?
> No one is forcing you to read this stuff, no one is forcing others to read this stuff as well
The front page of HN is limited real estate. I visit HN to discover and read interesting and quality content. Whether or not I am “forced” to read it, every piece of AI vomit that’s on the front page is taking a spot away from the real human content that I (and others) really want to see.
> here we are now stuck yet again going back and forth if it's worth saying "I don't think that article was human written"
I genuinely find this discussion in the comments to be of more value than reading the AI content in the article.
People will discuss the content in front of them. If you don’t want that discussion to be about AI content, then the solution is to not submit (or upvote) AI content.
Even more precious than HN real estate is the time of (how many HN readers are there?) unknowingly spending their time to read something that wasn't even worth 1 person’s time to have written themselves. (In OP’s case they said it partly came from Russian and provided the first draft so I'm more understanding.)
To expand on your previous point, "because the criticism is with all of it", I think the criticism is really with the HN community allowing so much of it to reach the front page.
A little bit would be tolerable, but the ENTIRE front page is garbage like this now.
> led someone to believe a 10 page PR is appropriate to begin with.
Agreed, a 10 page PR is not on. But the original article, though evidently touched up, was appropriate in length and scope. What's your real criticism here?
If you scroll down, it appears the Grok station has long had a lot of issues.
> DJ Grok reported “weather is fifty six degrees with clear skies” about every 3 minutes for 84 days straight. This contextless, repetitive abstraction happened again in DJ Grok’s broadcasts about its new obsession, UFOs.
Runtime discovery is the entire point of skills. Without it, this is just a templating prompt system that the user has to remember to use… except because this one changes your system prompt, it also busts your cache and costs you extra money when you use a prompt.
Skills are already dead-simple and this prompt system doesn’t at all tackle the same problem.
"{Feature} is the whole point of {more complex technology}" is an objection that can very often be raised. That doesn't mean that giving up features in exchange for simplicity is always the wrong call. And there's also advantages to having the user drive what instructions go into the prompt instead of the harness/model.
This is tangential to the point. It’s often great to have a simpler version of a solution, even if it eschews some features. But this isn’t that. OP claims that the prompt system is an “alternative” to skills, but it isn’t. It isn’t solving the same problem that skills solve at all. It’s like saying that a bicycle is a simpler alternative to a lawnmower because they both have wheels.
Prompts are a feature that are simpler than skills, sure, but they’re a completely different feature entirely.
It's an alternative in the same way e.g. plain markdown is an alternative to HTML, even though plain markdown lacks some of the features of HTML. "X is an alternative to Y" in this sense doesn't mean "X has all the same features of Y", it means "you might reasonably choose to use X instead of Y, depending on your exact use case"
Skills are not just prompts... the entire problem that skills solve is runtime discoverability via a skill description. Agents can self-recognize that a skill would be useful in a situation, and then load+use.
Prompts are just text templates entered by the user, and the user must specifically know when to and remember to invoke them. If you’re just using skills as if they are the same as prompts, you’re totally missing out on the entire benefit that skills provide!
GPT 5.5 does not have the same capabilities as Mythos. There is a separate 5.5-Cyber model which is the Mythos “equivalent”, but it is similarly restricted access like Mythos. Per OpenAI, the major difference is the built-in safeguards that 5.5 (and other models) have, where 5.5-Cyber does not have these safeguards and is more “permissive” for security work.
I got cajoled the other day that I need to upload my ID and ask for 5.5-Cyber access by the Codex desktop app while I was having it develop a fuzzing suite for an open source library I'm (we?) are developing. I was able to berate it into getting back to work.
This struck me as a point of emergent enshittification; an anus if you will.
The company doing the actual ID verification (KYC) is probably the last company I'd trust with this kind of data.
To circumvent conversations being flagged as "cybersecurity bad!!!" I often have to use previous models (5.3 for example, and sometimes using them through subagents is enough). And when this method no longer works, local models will be good enough for it to not be a problem (for my use case, at least).
We’re seeing the exact same where I work. Our main Slack channels have become inundated with “new tool announcements!”, multiple per day, often solving duplicate problems or problems that don’t exist. We’ve had to stop using those channels for any real conversation because most people are muting them due to the slop noise.
And what’s worse is that when someone does build a decent tool, you can’t help but be skeptical because of all the absolute slop that has come out. And everyone thinks their slop doesn’t stink, so you can’t take them at their word when they say it doesn’t. Even in this thread, how are you to know who is talking about building something useful vs something they think is useful?
A lot of people that have always wanted to be developers but didn’t have the skills are now empowered to go and build… things. But AI hasn’t equipped them with the skill of understanding if it actually makes sense to build a thing, or how to maintain it, or how to evolve it, or how to integrate it with other tools. And then they get upset when you tell them their tool isn’t the best thing since sliced bread. It’s exhausting, and I think we’ve yet to see the true consequences of the slop firehose.
This is what happens when entire industries go all in on "Move fast and break things." Imagine what they said about software applying to everything else in the world. That's what's coming.
> Security is less or no concern, bugs are more acceptable, performance / scalability rarely a concern. Quickest way to get things done
> This is what happens when entire industries go all in on "Move fast and break things." Imagine what they said about software applying to everything else in the world. That's what's coming.
This is literally how rest of the world works already, and always has. We'd still be living in caves otherwise. Fortunately most people (at least outside software) seem to understand that security is a trade-off against usefulness, and not an end goal in itself.
Not to mention utter nonsense. There’s no possible way that BW CLI somehow injected command history into a remote server. That was 100% something the GP did, a bug in their terminal, or a config they have with ssh/tmux, not Bitwarden.
That's our future... with AI. Engineers that don't know the difference between client-side convenience and server-side injection, how to configure `php.ini`, or that no synchronized password manager is safe. While the OAuth scope is `*`, and CORS is what you drink on the weekend.
Can someone explain why people struggle with CORS?
The full strength of the SOP applies by default. CORS is an insecurity feature that relaxes the SOP. Unless you need to relax the SOP, you shouldn't be enabling CORS, meaning you shouldn't be sending an Access-Control-Allow-Origin header at all.
If your front-end at www.example.com makes calls to api.example.com, then it's simple enough to just add www.example.com to CORS.
IME, CORS is pretty straightforward in prod but can be a huge pain in dev environments, so you end up with lots of little hacks to get your dev environments working (and then one of those hacks leaks back into prod and now you have CORS problems in prod).
This. This is a result of not having proper environments and engineering practices in place and so the team or engineer is free to just wing it and add hacks around security best practices because the Security Team (tm) is elsewhere and they never understand the ask. They know PKI and certificates, access card identity, maybe Cisco for their "cyber security" but that's usually where it ends. Yet somehow, they are in charge of CORS and TLS and SAST/DAST scans and everything else that should be baked into the pipelines and process. Resulting in an engineer saying f'it and adding an `if localhost` hack or something. CORS is one example but there are many others in pretty much every area of security. OAuth, CORS, LDAP, Secrets, Hashing, TOTP, you name it. Each has a plethora of packages and libraries that can "do" the thing but it always becomes a hairball mess to the dev because they never understood it to begin with.
That simple prod example isn't where people struggle with CORS. It's during development and I've got assets on Cloudflare and AWS and GCP and localhost:3000 and localhost:8000, and localhost:3001 and then a VM in Hetzner at API.example.com because why not, that shit gets complicated and people get confused and lost. I mean, yeah, don't do that, but CORS gets complicated once the project gets enough teams involved.
I’ve found that the best way to deal with this is to add an entry to /etc/hosts for my local machine that fits the pattern for QA environment. Then I run a local reverse proxy with a self-signed certificate.
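The allow-list approach discussed in the CORS comments above, as an added example that is not part of any commenter's post: origins are matched exactly against a per-environment list, so localhost is enabled by dev configuration instead of an `if localhost` branch in code. The function names and the sample origins are hypothetical.

```javascript
// Added example: exact-match CORS allow-list driven by per-environment config.
// Function names and sample values are hypothetical, not from the thread.

// Parse a comma-separated list of origins, refusing anything that is not a
// bare scheme://host[:port] origin (no wildcard, no "null", no path).
function parseAllowedOrigins(raw) {
  const allowed = new Set();
  const items = (raw || "").split(",").map((s) => s.trim()).filter(Boolean);
  for (const item of items) {
    if (item.includes("*")) throw new Error(`wildcard not allowed: ${item}`);
    let url;
    try {
      url = new URL(item);
    } catch {
      throw new Error(`not an origin: ${item}`);
    }
    // url.origin normalises case and default ports; require the config
    // entry to already be in that canonical form so matching stays exact.
    if (!["http:", "https:"].includes(url.protocol) || url.origin !== item) {
      throw new Error(`not a bare origin: ${item}`);
    }
    allowed.add(url.origin);
  }
  return allowed;
}

// Return the CORS response headers for one request.
// An empty result means the same-origin policy applies in full.
function corsHeaders(requestOrigin, allowed) {
  if (allowed.size === 0) return {};      // CORS not enabled at all
  const headers = { Vary: "Origin" };     // response varies by Origin (caches)
  if (requestOrigin && allowed.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}

// Constructed sample configuration for two environments.
const prod = parseAllowedOrigins("https://www.example.com");
const dev = parseAllowedOrigins("https://www.example.com,http://localhost:3000");
```

A bad entry in the list fails at startup when the configuration is parsed, not silently at request time.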
Care to elaborate? I'd agree that the security/availability tradeoff is different, but "not safe" is as nonsensical a blanket statement as "all/only offline/paper-based/... password managers are safe".