Hacker News new | past | comments | ask | show | jobs | submit | throwaway2016a's comments login

Perhaps I'm missing it but where do you actually buy and/or generate a CMC? I can't find any information on it.

Personally VCM is far too expensive for me at this time which is the only reason I haven't gotten one. But I certainly realize that putting a cost barrier to entry makes it less accessible to bad actors.


CMC is on but same price as VMC this is totally unfair https://www.digicert.com/tls-ssl/verified-mark-certificates#...

Like other here I think 13 miles may be generous for city driving but pretty reasonable for highway.

With that said, it works MUCH better for me than it did a couple years ago and I find most of the time I disengage it is not because it actually needed human intervention but because it wasn't aware of the social norms at certain intersections.

For example, I have an intersection near my house that requires you to inch out and essentially floor it first chance you get if you want any hope whatsoever of taking a left hand turn, but FSD will (understandably, I think) not do that.


Exactly, the "how it works" section ironically does not actually explain much.

I would love to know how this differs from fingerprinting. And if it is just fingerprinting it seems like it'd probably be trivial to bypass. Especially since it appears that you have a way to check your ID so you could potentially experiment with different ways to affect it.


My guess is that the average is very different than the median here. In general there are a few considerations:

- Green lawns are considered a status symbol in the US and in many higher end neighborhoods houses run irrigation multiple times a day.

- Same goes for pools.

- Baths are common (especially for kids) and use a fair amount of water.

- Our toilets and showers are not efficient.

- We tend to do laundry and dishes with machines (though I'm not sure if that would really use more or less water).

I also suspect that number may include industrial and commercial. Since even considering the above it still seems high.


Washing dishes with the machine actually tends to save quite a lot of water, as long as you actually fill the machine.

> as long as you actually fill the machine

That's more or less what I suspected. Though... and I'm not sure if this is an American thing, an international thing, or just a weird quirk of the specific people I know... I know several people who run their machines every day even if they aren't even close to full.


A dishwasher is so much more efficient than handwashing dishes that it's going to save water even without being anywhere close to full.

I'm not a fan of letting dirty dishes sit. Dried on food doesn't come off as easily.

> - Our toilets and showers are not efficient.

You can't make blanket claims about the US as a whole for things that are driven by the states - many states have highly restrictive shower/toilet efficiency requirements.


You are right, I cannot generalize. In fact our main flush function in newer toilets is the same flow as almost all countries (Australia and Japan being the exceptions) but we also have far fewer "Duel Flush" toilets (apparently, I'm just learning this myself) and the low flow on duel flush toilets uses much less water.

Whenever I’m in the states and see the urinal “American Standard” 1 gpf (gallon per flush) I cry in Australian.

American Standard sells urinals with water use as low as 1/8 (0.125) gallons per flush.

https://www.americanstandard-us.com/urinals-list

(I only thought of this because the urinals at the companies I've worked at over the past decade proudly displayed these 1/8-gallon numbers.


.. and plenty of urinals are completely water free...

And they uniformly stink...

How much is the gpf or lpf in Australia?

In Australia, they're measured in pints

> - We tend to do laundry and dishes with machines (though I'm not sure if that would really use more or less water).

Dish washers save water, also those are machines that Germans also use.


Fair enough, that was the one that seemed most questionable even as I wrote it.

This is really great. Managing migrations without locking the table can be a real huge pain-point. And having a dedicated project likely covers more edge cases than an internal tool would (as is evident looking at the issues list).

With that said, it looks like it could be used not just as a stand alone tool but also embedded within a Go application since it does export its API. In my case I'd love to use it from my existing tooling. I couldn't find any documentation on how to do that, though.

I'll probably dig more into that later.


I'm not sure it's something I would use but it looks like some good work.

At first glance the pricing seems a little high for a single-use tool. It is still cheaper than using humans but also, as it sounds like you are aware you are aware, there are some issues demo page that the AI agents didn't call out that a human would have.

I like that you included developer tool results in your summary. Consider possibly including Accessibility results in there as well. A11y is something a lot of developer and product people don't think about. It could be you already have it and I just didn't notice.


This was my first reaction. It hasn't been that long and giant ships can't change course quickly.

And for much of that year there were a lot of questions around the ownership of AI generated code as well as information security. In fact, most of those questions are still not satisfactorily solved. So I'm not so surprised that we haven't seen massive results "yet"


I find it striking that in the same day I saw a video about how someone "Made an API in 20 minutes with one prompt" and this. The two approaches seem very divergent. One that is almost cavalier about things like security, standards, etc and another that is (almost) over engineered.

One observation, is that I there are two trains of thought. Using OAD (Open API Descriptions) as a source of truth and generating code from there or treating OAD as an artifact that comes out of some other tools.

I personally see OpenAPI as kind of a glue that can allow different tooling to be able to speak the same language.

Overall I found the linked Moonwalk[1] document to be more interesting. But there is some interesting analysis to be found in this article as well.

[1] https://www.openapis.org/blog/2023/12/06/openapi-moonwalk-20...


> I find it striking that in the same day I saw a video about how someone "Made an API in 20 minutes with one prompt" and this

You can also record a blank video on your phone for 20 minutes and call that a movie. Would anyone watch it?

You can also build a house in days. Would it crack? Is it maintainable? What happens later? Who knows.


The ethos I have seen around these is usually "It doesn't have to be proper if it isn't making money"

I think it's a fair attitude if your only goal is to make money, but it completely misses "why" you should build something... if you truly care about a problem you wouldn't haphazard it anyway.


> "It doesn't have to be proper if it isn't making money" > I think it's a fair attitude if your only goal is to make money

Is that why we often get so many posts about e.g. getting a huge bill on AWS or GCP? Or that so and so company shut them down or whatever else?

I've seen far too many "temporary" solutions and "quick fixes" that always go beyond the scope and lifetime. Never have such a mindset.


Maybe I don't truely care about my problem? But I just care a little bit, and I've done the risk analysis.

I used a whole lot of "ChatGPT just wrote it all for me" for a rust program that watches for and renames video game clips for me. Maybe it's insecure or has subtle bugs, I don't really care all that much because it does the job for me.


> Maybe I don't truely care about my problem?

You pretend to not care until you do. When it accidentally deletes your files or even your whole hard drive you'll suddenly find someone / something to blame.


> I think it's a fair attitude if your only goal is to make money

Short term, yes. But it's a bit short sighted as most of the AI code I have seen has security and scalability issues that long term have potential to blow up in your face costing even more money.

Granted that can usually be fixed by better prompts. But to right those prompts requires the person doing the "prompt engineering" (rolls eyes) to actually have a working knowledge of a lot of areas such as architecture, security, software engineering best practices, etc. And a lot of the influencers out there pushing AI openly admit to "not knowing how to code" let alone knowing the right way to build a technology product so that it scales and is safe.


To be fair I wasn't agreeing with the "API in 20 minutes approach" I was only pointing out the contrast between that and something like this.

As I tried to allude too, AI written APIs often have security, performance, maintainability and a whole slew of other issues.

But at the same time, I think "blank video on your phone for 20 minutes" is a bit of a stretch. These AI generated APIs have problems for certain but they are working software and in many cases better working software than a non-coder or junior engineer could have written in a much longer time.

And while I don't like the idea of tons of insecure poorly architected APIs being out there, the realty is, people are using AI generated APIs in the real-world right now, it's not hypothetical.


> but they are working software

What is "working" software?

Have we lost the meaning of that now too? Samsung Galaxy Note 7 is a "working phone" too - it just might explode.

> but they are working software and in many cases better working software than a non-coder or junior engineer could have written in a much longer time.

Imagine the nurse telling you that you've got an AI doctor operating on you that's better than the junior surgeon. I'm sure you'd be happy. We've been cheapening the industry for a long time. Not everyone needs to produce code.

> the realty is, people are using AI generated APIs in the real-world right now, it's not hypothetical.

The reality is there is contaminated cooking oil [1], noodles with opium [2] and a infinite amount of issues. Let's not make the world worse?

[1]: https://www.abc.net.au/news/2024-07-13/cooking-oil-contamina...

[2]: https://www.washingtonpost.com/news/morning-mix/wp/2014/09/2...


Working means you give it input and it produces the expected output for all your defined used cases. Don't confuse working with good.

Let's keep your analogy: AI isn't producing software that is the equivalent of a AAA movie title by any stretch but it is producing far better than a bunch of kids in a garage with their cell phones can make. Which is orders of magnitude better than 20 minutes of blank video. Which means that people will use it whether you like it or not.

Reality doesn't care if you think it is a bad idea... in fact I think you and I are on the same page, I do think it is a bad idea... but reality will continue to exist whether you and I like it or not.

You're not helping anyone by arguing how crappy and harmful it is to someone who already knows how crappy and harmful it is.


Those make great YouTube video titles.

Yeah this article is more about how we (the OpenAPI Initiative) are designing the next versions of the OpenAPI Specification than it is about how to use it. The diagram does include both an OAD generator and editor, intended to encompass both code-first and description-first (which doesn't make too much difference for this blog post). The Moonwalk article is definitely more general purpose! This is "OK Moonwalk has a great vision, but how do we actually make it a real spec?" I've been using variations of this diagram in the weekly Moonwalk calls for the past month or two.

> OK Moonwalk has a great vision, but how do we actually make it a real spec?

I'm not sure the article really succeeds if that was the goal. I suspect that there might be some aspects of the discussion that are taking place that are missing from the article making it a little difficult for someone who wasn't in those discussions to connect the dots.

Don't get me wrong, I think the article had some useful pieces in it, I just think if that was the goal of the article it could possibly use some additional framing for people who don't have the full context.

With that said, I really appreciate transparency into the thought process!


> I just think if that was the goal of the article it could possibly use some additional framing for people who don't have the full context.

It's always a struggle to figure out how much explanation to put in before people see something like "20 minute read" and just refuse to read it. (BTW I don't mind the critical feedback at all- I'm just glad you found something useful in it).

But keep in mind that _we_ haven't answered "how do we actually make it a real spec?" either! This is a snapshot of our efforts at this particular moment. Also, there's a reason that this is "part one in a series" :-)


I like that idea but I purposely stay anonymous on HN and I would be DOXing myself if I used this. It'd be great to be able to either use it without a username (ideally) or have the choice to keep your HN username private.


In my experience Accept-Language header is pretty unreliable. It tends to just be one of a few values. Between people never updating it, proxies stripping it, people concerned it will make them easier to fingerprint, etc.

Also, form an implementation standpoint, translation is a lot of work to get right and some companies may not do it for all languages so they may support the header but just not support the language choice you have. Yelp being a weird example where they apparently have the Japanese translation on another site.

Combine all that together and it's not usually worth the effort to do it unless you have specific legal requirements or high demand from users.


Proxies stripping it? Tell me more.


(Sorry for the delay, I haven't checked HN is a while and just noticed this)

So some proxies (forward and reverse) will strip this header for different reasons.

The reverse proxies sometimes strip it to improve caching and/or because they were configured to have a allow-list of headers and this (being a less common one) was excluded.

The forward proxies will sometimes strip it for privacy reasons (it can be used in fingerprinting) or for the same reason (they have a list of allowed headers and this isn't one).


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: