Front page + top level comments only
Chromium still seems to be working on support, based on https://cr-status.appspot.com/feature/5149560434589696, so maybe it'll be useful soon? That page indicates that they're still discussing certain parts of the spec.
grid-template-rows: masonry;
is going to be outdated then?
If you try to go left-to-right, you will quickly realize that at the end of each "line" it is really difficult to know where the next line starts. It is easy to accidentally start again on the same line (and inspect the same elements), or skip one accidentally. Then navigating through the elements one by one requires a considerable amount of cognitive effort, your eyes bounce up and down constantly, and you end up inspecting the same elements multiple times.
If you try to go top-to-bottom, lane by lane, you will then realize that the page also has infinite scroll and you will never go past the first lane.
Hypermedia suffers because these marketing companies waste time on making sure they can build Pinterest in 10 LoC instead of fixing actual long running hypermedia domains.
Personally, I use an 11-year-old machine and have had to add userscript hacks to certain major Web sites to work around bugs in CSS grid (not the "lanes" described here).
At least new JavaScript features can be "polyfilled" or whatever. Maybe sites could check for CSS feature support too? But they seem not to.
For example, the demo page linked in the article fails pretty unusably for me. All the images take up nearly the full viewport width.
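For what it's worth, that kind of feature check is doable in plain CSS with @supports; a minimal sketch (the .masonry selector and the column fallback are made up for illustration, not from the article):

    .masonry {
      display: grid;
      grid-template-columns: repeat(auto-fill, minmax(200px, 1fr));
      /* Ignored by browsers that don't support it: */
      grid-template-rows: masonry;
    }

    /* Fallback for browsers without masonry support: multi-column flow. */
    @supports not (grid-template-rows: masonry) {
      .masonry {
        display: block;
        columns: 200px;
      }
    }

The caveat is that the columns fallback changes the reading order (top-to-bottom per column), which ties right back into the navigation complaints above.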
> can someone help folks at Mistral find more weak baselines to add here? since they can't stomach comparing with SoTA....
> (in case y'all wanna fix it: Chandra, dots.ocr, olmOCR, MinerU, Monkey OCR, and PaddleOCR are a good start)
- paddleOCR-VL
- olmOCR-2
- chandra
- dots.ocr
I find it a pity that there aren't many leaderboards or arenas for OCR and CV, or for the providers hosting those models. They're neglected on both Artificial Analysis and OpenRouter.
I don’t know how they can make this statement with a 79% accuracy rate. For any serious use case, that is an unacceptable number.
I work with scientific journals, and issues like 2.9+0.5 being misread as 29+0.5 are something we regularly run into, which means we can never fully trust automated processes and require human verification at every step.
EDIT: you can try it yourself for free at https://console.mistral.ai/build/document-ai/ocr-playground once you create a developer account! Fingers crossed to see how well it works for my use case.
It seems like the EU in general should be heavily invested in Mistral's development, but it doesn't seem like they are.
I've got some foreign artbooks that I would like to get translated. The translations would need to be in place since the placement of the text relative to the pictures around it is fairly important. I took a look at some paid options online, but they seemed to choke - mostly because of the non-standard text placements and all.
The best solution I could come up with is using Google Lens to overlay a translation while I go through the books, but holding a camera/tablet up to my screen isn't very comfortable. Chrome has Lens built in, but (IIRC) I still need to manually select sections for it to translate - it's not as easy to use as just holding my phone up.
Anyone know of any progress towards in-place OCR/translations?
Regular Gemini Thinking can actually get 70-80% of the documents correct, apart from lots of mistakes on given names. ChatGPT maybe understands like 50-60%.
This Mistral model butchered the whole text; literally not a word was usable, to the point that I think I'm doing something wrong.
The test document: https://files.fm/u/3hduyg65a5
We’ve done some fairly extensive testing internally recently and found that Garage is somewhat easier to deploy than our existing MinIO setup, but it is not as performant at high throughput. IIRC we could push about 5 gigabits of (not small) GET requests out of it, but something kept it from reaching the 20-25 gigabits (on a 25G NIC) that MinIO could reach (as well as 50k STAT requests/s, across 10 nodes).
I don’t begrudge it that. I get the impression that Garage isn’t necessarily focussed on this kind of use case.
---
In addition:
Next time we come to this we are going to look at RustFS [1], as well as Ceph/Rook [2].
We can see we're going to have to move away from MinIO in the foreseeable future. My hope is that the alternatives get a boost of interest given the direction MinIO is now taking.
[0]: https://news.ycombinator.com/item?id=46140342
[1]: https://rustfs.com/
[2]: https://rook.io/
Does anyone know a good open-source S3 alternative that's easily extendable with custom storage backends?
For example, AWS offers IA and Glacier in addition to the defaults.
> For the metadata storage, Garage does not do checksumming and integrity verification on its own, so it is better to use a robust filesystem such as BTRFS or ZFS. Users have reported that when using the LMDB database engine (the default), database files have a tendency of becoming corrupted after an unclean shutdown (e.g. a power outage), so you should take regular snapshots to be able to recover from such a situation.
It seems like you can also use SQLite, but a default database engine that isn't robust against power failure or crashes seems surprising to me.
https://www.repoflow.io/blog/benchmarking-self-hosted-s3-com... was useful.
RustFS also looks interesting but for entirely non-technical reasons we had to exclude it.
Anyone have any advice for swapping this in for Minio?
Previously I used LocalStack S3, but ultimately didn't like that persistence isn't available in the OSS version. MinIO OSS is apparently no longer maintained? Also looked at SeaweedFS and RustFS, but from a quick read into them this one was the easiest to set up.
Garage looks really nice: I've evaluated it with test code and benchmarks and it looks like a winner. Also, very straightforward deployment (self contained executable) and good docs.
But no tags on objects is a pretty big gap, and I had to shelve it. If Garage folk see this: please think on this. You obviously have the talent to make a killer application, but tags are table stakes in the "cloud" API world.
It's a really cool system for hyper converged architecture where storage requests can pull data from the local machine and only hit the network when needed.
this is the reliability question no?
In particular, I don't love it when an article attacks a best practice as a cheap gotcha:
"and this time it was super easy! After some basic reversing of the Tapo Android app, I found out that TP-Link have their entire firmware repository in an open S3 bucket. No authentication required. So, you can list and download every version of every firmware they’ve ever released for any device they ever produced"
That is a good thing - don't encourage security through obscurity! The impact of an article like this is as likely to get management to prescribe a ham-handed mandate to lock down firmware as it is to get them to properly upgrade their security practices.
This page[1] lists the C200 as last having a firmware update in October, but also lists the latest version as 1.4.4 while the article lists 1.4.2. It seems like they have pushed other updates in this time, but not these security fixes.
[1] https://community.tp-link.com/us/smart-home/kb/detail/412852
For anyone concerned about their TP-Link cameras, consider:
1. Disable UPnP on your router
2. Use VLANs to isolate IoT devices
3. Block all outbound traffic except specific required endpoints
4. Consider replacing stock firmware with open alternatives when available
5. Regularly check for firmware updates (though as this article shows, updates can be slow)
The hardcoded keys issue is particularly troubling because it means these vulnerabilities persist across the entire product line. Thanks for the detailed writeup - this kind of research is invaluable for the security community.
I assume any Wi-Fi camera under $150 has basically the same problems. I guess the only way to run a security camera where you don't have Ethernet is to use a non-proprietary Wi-Fi <-> 1000BASE-T adapter. Probably only something homebuilt based on a single board computer and running basically stock Linux/BSD meets that requirement.
How does this happen? Doesn’t pretty much every ISP give a router with their modem? How do people manage this?
Is it wrong to judge people for their choice of ai providers?
(Phones is one notable exception. I need contactless payments to work.)
unzip zbsm.zip
Archive: zbsm.zip
inflating: 0
error: invalid zip file with overlapped components (possible zip bomb)
This seems to have been done in a patch to address https://nvd.nist.gov/vuln/detail/cve-2019-13232
https://sources.debian.org/patches/unzip/6.0-29/23-cve-2019-...
Like bomb the CPU time instead of memory.
Someone shared a link to that site in a conversation earlier this year on HN. For a long time now, I've had a gzip bomb sitting on my server that I provide to people who make certain categories of malicious calls, such as attempts to log in to WordPress on a site not using WordPress. That post got me thinking about alternative types of bombs, particularly as newer compression standards have become ubiquitous and supported in browsers and HTTP clients.
I spent some time experimenting with brotli as a compression bomb to serve to malicious actors: https://paulgraydon.co.uk/posts/2025-07-28-compression-bomb/
Unfortunately, as best as I can see, malicious actors are all using clients that only accept gzip, rather than brotli'd contents, and I'm the only one to have ever triggered the bomb when I was doing the initial setup!
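In case anyone wants to reproduce the experiment, generating the payload is only a few lines; a sketch assuming the Python brotli package (sizes and filenames here are arbitrary):

    # Build a small .br file that expands to ~256 MiB of zeros when decoded.
    import brotli

    DECODED_SIZE = 256 * 1024 * 1024  # what the client will try to allocate

    # Highly repetitive input compresses extremely well at the highest quality.
    compressed = brotli.compress(b"\x00" * DECODED_SIZE, quality=11)

    with open("bomb.br", "wb") as f:
        f.write(compressed)

    print(f"{len(compressed)} bytes on disk -> {DECODED_SIZE} bytes decoded")

You'd serve it with a Content-Encoding: br header to clients that advertise br in Accept-Encoding, which matches the observation above that most bots only ever send gzip.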
According to a possibly apocryphal story from the premiere performance, a woman was heard shouting that Ravel was mad. When told about this, Ravel is said to have remarked that she had understood the piece.
https://en.wikipedia.org/wiki/Bol%C3%A9ro
Ah, it's called the Commodordion: https://linusakesson.net/commodordion/index.php
I guess there's a C64 "executable" that he's made available but no source so I don't know what the exact keymapping is. I did find a few different resources that show the layout in action [2] [3].
[0] https://www.youtube.com/watch?v=xwsZ41pA_Vo&t=58s
[1] https://en.wikipedia.org/wiki/Chromatic_button_accordion
[2] https://okathira-dev.github.io/client-web-api-sandbox/button...
That's the most important number in stores like this one.
I am part of the LOAD "*", 8, 1 generation, and this is really freaking cool.
One of the funniest things in the video is the variety of neck tie configurations, one for each part.
The photo of "the automaton" appears to be a melamine white particleboard panel.
That's such a good idea with this old equipment. And you can see that the guy tried hard not to laugh. And surprisingly, the arrangement sounds great. Hilarious.
Those disc drive sounds are so cool
Apparently, during a recent review, they decided this counted as fraud and banned my account. As a result, I can no longer log in and lost access to all my Kindle e-books. They also remotely wiped my Kindle, so my entire library is gone. I appealed the decision, but I’ve been waiting for over six months with no resolution.
Unfortunately, it seems like this will be chosen by the publisher, so of course most of the books probably won't be downloadable at all, and Amazon can now point their finger at the publisher instead of taking the blame themselves. Publishers were probably always the reason behind the move, but at least now Amazon has someone else to blame, which I guess is great for them.
This isn't announcing that PDFs and EPUBs are now available for everything that was DRM-free; this is announcing that they will _permit_ PDFs and EPUBs to be made available.
I wonder how many books are actually DRM-free and are going to be affected by this change. I suspect relatively few, but I would be happy to be wrong
The internet "allows" ePub and PDF downloads for ALL books. Adjust yourselves accordingly.
Fool me once..
Not to mention the spying they'll do - Whatcha reading?
I do backups, but better safe than sorry.
These days I don’t buy from them, but I do the same with Kobo, which is a better company to begin with.
Same with Google etc. Just look how bad YouTube has gotten. I try to find a video xyz, using the search term xyz, and after about 5 results, random videos show up. That is not a "search", that is propaganda and an attempt to retain people on the platform - but I am already on the platform, playing BACKGROUND MUSIC from some DJs. Why is Google wasting my time when I want to FIND something? What is even worse is that this leaked into the search engine too. Google has deliberately ruined the search engine over the last few years.
I don't let those laws (corporate opinions) degrade my quality of life.
So the real question is: how is Amazon going to enshittify DRM-free books? Are they trying to wipe out Gutenberg, Standard Ebooks, etc.?
Are they trying to be the YouTube of DRM-free? The place where everyone goes, and that becomes crap due to updated Ts&Cs - inserting ads or charges?
DRM-free is a precondition for me buying digital books personally. Practically no major digital bookstore offers it.
I still buy physical media from them once a year (in November) when the rest of the world can't compete on availability or price. Yes, I recognise the hypocrisy of said actions and minimise it as much as possible. Non-US based. Many physical media producers (e.g. Disney) no longer produce stuff for our 'region'.
If anyone else is more familiar with Go (I only really do Rust): is there no solution for preventing stack smashing on goroutines? https://github.com/mullvad/mullvadvpn-app/pull/7728 I understand that goroutines have a smaller stack size (the whole green-thread problem), but there's no way to fix this?
But my app’s WireGuard is natively implemented by the FD.io VPP plugin, so it’s based on C.
I tried downloading their Android app, but it's not generally usable for people who host their own WireGuard, which is fair enough.
Probably naively, I'm thinking:
- diversity: good
- doubling the attack surface: real bad
What do the security folks out there think of the topic?
As someone who is a huge IDE fan, I vastly prefer the experience from Codex CLI compared to having that built into my IDE, which I customize for my general purposes. The fact it's a fork of VSCode (or whatever) will make me never use it. I wonder if they bet wrong.
But that's just usability and preference. When the SOTA model makers give out tokens for substantially less than public API cost, how in the world is Cursor going to stay competitive? The moat just isn't there (in fact I would argue it's non-existent).
Personally, I work on Graphite for two reasons. 1) I love working with kind, smart, intense teammates. I want to be surrounded by folks who I look up to and who energize me. 2) I want to build bleeding-edge dev tools that move the whole industry forward. I have so much respect for all y’all across the world, and nothing makes me happier than getting to create better tooling for y’all to engineer with. Graphite is very much the combination of these two passions: human collaboration and dev tools.
Joining Cursor accelerates both these goals. I get to work with the same team I love, a new bunch of wonderful people, and get to keep recruiting as fast as possible. I also get to keep shipping amazing code collaboration tooling to the industry - but now with more resourcing and expertise. We get to be more ambitious with our visions and timelines, and pull the future forward.
I wouldn’t do this if I didn’t think the Cursor team were standup people with high character and kindness. I wouldn’t do this if I thought it meant compromising our vision of building a better generation of code collaboration tooling. I wouldn’t do it if I thought it wouldn’t be insanely fun and exciting. But it seems to be all those things, so we’re plunging forward with excitement and open hearts!
Is it market share? Because I don't know who has a bigger user base than Cursor.
The idea is to hook into Bitbucket PR webhooks so that whenever a PR is raised on any repo, Jenkins spins up an isolated job that acts as an automated code reviewer. That job would pull the base branch and the feature branch, compute the diff, and use that as input for an AI-based review step. The prompt would ask the reviewer to behave like a senior engineer or architect, follow common industry review standards, and return structured feedback - explicitly separating must-have issues from nice-to-have improvements.
The output would be generated as markdown and posted back to the PR, either as a comment or some attached artifact, so it’s visible alongside human review. The intent isn’t to replace human reviewers, but to catch obvious issues early and reduce review load.
What I’m unsure about is whether diff-only context is actually sufficient for meaningful reviews, or if this becomes misleading without deeper repo and architectural awareness. I’m also concerned about failure modes - for example, noisy or overconfident comments, review fatigue, or teams starting to trust automated feedback more than they should.
If you’ve tried something like this with Bitbucket/Jenkins, or think this is fundamentally a bad idea, I’d really like to hear why. I’m especially interested in practical lessons.
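For the mechanical part, the Jenkins job doesn't need much; a rough sketch of the reviewer step, assuming a generic OpenAI-compatible chat endpoint and the Bitbucket Cloud 2.0 PR-comments API (the env var names and model name are placeholders):

    import os
    import subprocess
    import requests

    def get_diff(base: str, head: str) -> str:
        # Diff of the feature branch against the merge base with the target branch.
        return subprocess.run(
            ["git", "diff", f"origin/{base}...origin/{head}"],
            capture_output=True, text=True, check=True,
        ).stdout

    def review(diff: str) -> str:
        prompt = (
            "Act as a senior engineer reviewing this pull request diff. "
            "Return markdown with two sections: 'Must fix' and 'Nice to have'.\n\n"
            + diff[:60_000]  # crude truncation; real code should chunk large diffs
        )
        resp = requests.post(
            os.environ["LLM_API_URL"],  # e.g. an OpenAI-compatible /chat/completions
            headers={"Authorization": f"Bearer {os.environ['LLM_API_KEY']}"},
            json={"model": "some-model", "messages": [{"role": "user", "content": prompt}]},
            timeout=120,
        )
        resp.raise_for_status()
        return resp.json()["choices"][0]["message"]["content"]

    def post_comment(workspace: str, repo: str, pr_id: int, markdown: str) -> None:
        url = (f"https://api.bitbucket.org/2.0/repositories/"
               f"{workspace}/{repo}/pullrequests/{pr_id}/comments")
        requests.post(
            url,
            auth=(os.environ["BB_USER"], os.environ["BB_APP_PASSWORD"]),
            json={"content": {"raw": markdown}},
            timeout=30,
        ).raise_for_status()

The diff-only-context concern is real, though; one mitigation is to also pass the full files touched by the diff (or a repo map) so the model sees surrounding code, at the cost of a much larger prompt.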
what does graphite have to do with code review?
> After bringing features of Supermaven to Cursor Tab, we now recommend any existing VS Code users to migrate to Cursor.
Supermaven was acquired by Cursor and sunset after 1 year.
for anyone else looking for a replacement, git spice and jujutsu are both fantastic
Huge fans of their work @ GitStart!
Then Cursor takes on GitHub for the control of the repo.
Looks bad: https://forum.cursor.com/t/font-on-the-website-looks-weird/1...
- Hunter @ Ellipsis
But what got me was that the tipster who blew the case wide open is reportedly a homeless Brown graduate who lived in the basement of the engineering building (a la the South Korean film Parasite). It made me sad, but also not surprised: that building does have a single-occupancy bathroom with showers, and no keycard access was needed until 7pm in the evening.
So it made sense to me that he or she would've used that building for shelter and comfort. It also didn't boggle my mind that a Brown grad (from the picture, the tipster looked like an artistic Brown student rather than the careerist type) would be homeless, given that I've known many classmates with a certain personality, brilliant but also idealistic/uncompromising, that unfortunately made them brittle in a society that rewards conformity, settling, and stability.
I can't get over the fact that two Brown students who have presumably fallen by the wayside of society chose two different paths: (1) the homeless guy who still perseveres, even in the basement of Barus & Holley for 15 years after his 2010 graduation, a la Parasite, yet has the situational awareness and rises to the occasion to give the biggest tip to the Providence Police; (2) the other guy who harbors so much resentment over the course of 25 years that he plans a trip from Florida to gun down innocent kids who are 18 and 19, and a classmate from when they were both 18 and 19 years old.
https://www.fastcompany.com/91463942/sequoia-shaun-maguire-b...
I think it's the biggest response I've personally seen since the Boston Marathon Bombing.
Anyone have the Reddit link? (I wonder why the article doesn't include it)
This is the first model from a major AI research lab (the people behind Qwen Image, which is basically the SOTA open image diffusion model) with those capabilities, afaik.
The difference in timing for this submission (16 hours ago) is because that's when the research/academic paper got released—as opposed to the inference code and model weights, which just got released 5 hours ago.
---
Technically there's another difference, but this mostly matters for people who are interested in AI research or AI training. From their abstract: “[we introduce] a Multi-stage Training strategy to adapt a pretrained image generation model into a multilayer image decomposer,” which seems to imply that you can adapt a current (but different) image model to understand layers, along with a pipeline to obtain the training data from Photoshop .PSD files.
- Paper page: https://huggingface.co/papers/2512.15603
- Model page: https://huggingface.co/Qwen/Qwen-Image-Layered
- Quantized model page: https://huggingface.co/QuantStack/Qwen-Image-Layered-GGUF
- Blog URL: https://qwenlm.github.io/blog/qwen-image-layered/ (404 at the time of writing this comment, but it'll probably release soon)
- GitHub page: https://github.com/QwenLM/Qwen-Image-Layered
If you set, for example, a layer count of 5, will it determine what is on each layer, or do I need to prompt that?
And I assume you need enough VRAM because each layer will be effectively a whole image in pixel or latent space… so if I have a 1MP image, and 5 layers I would likely need to be able to fit a 5MP image in VRAM?
Or can this be done in multiple steps, where I wouldn't need all 5 layers in active VRAM, and the assembly is another step at the end after generating one layer at a time?
L1 cache reference 2,000,000,000 ops/sec
L2 cache reference 333,333,333 ops/sec
Branch mispredict 200,000,000 ops/sec
Mutex lock/unlock (uncontended) 66,666,667 ops/sec
Main memory reference 20,000,000 ops/sec
Compress 1K bytes with Snappy 1,000,000 ops/sec
Read 4KB from SSD 50,000 ops/sec
Round trip within same datacenter 20,000 ops/sec
Read 1MB sequentially from memory 15,625 ops/sec
Read 1MB over 100 Gbps network 10,000 ops/sec
Read 1MB from SSD 1,000 ops/sec
Disk seek 200 ops/sec
Read 1MB sequentially from disk 100 ops/sec
Send packet CA->Netherlands->CA 7 ops/sec
docs/demos: https://beyondloom.com/decker/pdf.html
browsable source: https://github.com/JohnEarnest/Decker/blob/main/examples/dec...
My page layout code was like 50 lines of code. And I remember thinking... OK they already wrote 8,000 lines of code... They couldn't have added 50 more?!
400 lines though. Respect. I will take a proper look at this when I recover from burnout :)
https://github.com/bubkoo/html-to-image
It's probably the most impressive and seamless experience I've had with converting HTML to pdfs/images so I just wanted to sing its praises here
I think if you had a markdown->PDF function included, where I can send in markdown and get a PDF back, that would cover quite a lot of needs and would be useful.
https://doc.rust-lang.org/beta/unstable-book/language-featur...
- Drop does something, like close a file or release a lock, or
- x and y don't have Send and/or Sync, and you have an await point in the function or are doing multi-threaded stuff
This is why you should almost always use std::sync::Mutex rather than tokio::sync::Mutex. std's MutexGuard isn't Send, so the compiler will complain if you hold it across an await in a spawned task. Usually you don't want mutexes held across an await.
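A minimal sketch of what the compiler actually catches (the key detail is that std's MutexGuard is !Send, so a future holding one across .await can't be handed to tokio::spawn, which requires Send):

    use std::sync::Mutex;

    async fn do_io() {}

    // Holding the std guard across an .await makes this future !Send, so
    // tokio::spawn(bad(&m)) would be rejected at compile time -- usually what
    // you want, since parking a blocking mutex across an await invites deadlock.
    async fn bad(m: &Mutex<i32>) {
        let guard = m.lock().unwrap();
        do_io().await;
        println!("{}", *guard);
    }

    // The fix: end the guard's scope before awaiting.
    async fn good(m: &Mutex<i32>) {
        {
            let mut guard = m.lock().unwrap();
            *guard += 1;
        } // guard dropped here
        do_io().await;
    }

    fn main() {
        let m = Mutex::new(0);
        // Futures are lazy; constructing them here just shows both forms compile.
        let _ = (bad(&m), good(&m));
    }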
let mut data = foo(); data.mutate(); let data = data;
May be preferable for short snippets where adding braces, the yielded expression, and indentation is more noise than it's worth.
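For comparison, the block-expression form of that same snippet (with a throwaway Data type just so it compiles):

    struct Data(Vec<i32>);
    impl Data {
        fn mutate(&mut self) {
            self.0.push(1);
        }
    }
    fn foo() -> Data {
        Data(Vec::new())
    }

    fn main() {
        // Shadowing re-bind, as in the parent comment:
        let mut data = foo();
        data.mutate();
        let data = data; // immutable from here on

        // Equivalent block-expression form:
        let data2 = {
            let mut d = foo();
            d.mutate();
            d // the block evaluates to the finished, now-immutable value
        };

        let _ = (data, data2);
    }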
I typically use closures to do this in other languages, but the syntax is always so cumbersome. You get the "dog balls" that Douglas Crockford always called them:
```
const config = (() => {
    const raw_data = ...
    ...
    return compiled;
})();
const result = config.whatever;
// carry on
return result;
```
Really wish blocks were expressions in more languages.
That last example is probably my biggest use of it because I hate having variables being unnecessarily mutable.
Also in Kotlin, Scala, and nim.
The second example "erasure of mutability" makes more sense. But this effectively makes it a Rust-specific pattern.
It barely adds any functionality but it's useful for readability because of the same reasons in the OP.
It helps because I've been bitten by code that did this:
setup_a = some_stuff
setup_b = some_more_stuff
i_think_this_is_setup = even_more_stuff
the_thing = run_setup(setup_a, setup_b, i_think_this_is_setup)
That's all fine until later on when, probably in some obscure loop, `i_think_this_is_setup` is used without you noticing. Instead, doing something like this tells the reader that it will be used again:
i_think_this_is_setup = even_more_stuff
the_thing = begin
setup_a = some_stuff
setup_b = some_more_stuff
run_setup(setup_a, setup_b, i_think_this_is_setup)
end
I now don't have to mentally keep track of what `setup_a` or `setup_b` are anymore and, since the writer made a conscious effort not to put it in the block, you will take an extra look for it in the outer scope.
It's used all throughout the Linux kernel and is useful for macros.
Try this out, you can actually (technically) assign a variable to `continue` like:
let x = continue;
Funnily enough, one of the few things that is definitely always a statement is the `let` statement! Except, you also have `let` expressions, which are technically different, so I guess that's not really a difference at all.
In the example given, I would have preferred to extract to a method - what if I want to load the config from somewhere else? And perhaps the specifics of stripping comments could have been extracted to a more semantically aptly named post-processing method.
I see the argument that when extracted to a function, you don't need to go hunting for it. But if we look at the example with the block, I still see a bunch of detail about how to load the config, and then several lines using it. What's more important in that context - the specifics of loading the config, or the specifics of how requests are formed using the loaded config?
The fact that you need to explain what’s happening with comments is a smell. Properly named variables and methods would obviate the need for the comments and would introduce semantic meaning thru names.
I think blocks are useful when you are referencing a lot of local variables and they have fairly localized meaning within the method. For example, you can write a block to capture a bunch of values for logging context - then you can call that block in every log line to get a logging context based on current method state. It totally beats extracting a logging-context method that consumes many variables and is unlikely to be reused outside of the calling method, and yet you get delayed evaluation and a single point of definition for it.
So yes to the pattern, but needs a better example.
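A tiny sketch of that logging-context idea as a closure (Rust here to match the rest of the thread; all names are made up):

    fn handle_request(user_id: u64, attempt: u32) {
        let items = vec!["a", "b", "c"];

        // Captures the locals it needs; evaluated fresh at each call site, so
        // every log line reflects the current state without a separate method.
        let log_ctx = || format!("user_id={user_id} attempt={attempt} items={}", items.len());

        println!("starting: {}", log_ctx());
        // ... do the actual work ...
        println!("finished: {}", log_ctx());
    }

    fn main() {
        handle_request(42, 1);
    }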
Voluntary use: I know this one. It’s a pattern now.
One of the big benefits of both the single-run (AIGFS) and ensemble (AIGEFS) models is the speed and reduced computation time required. Weather modeling is hard, and these models should be used as complementary to deterministic models, as they all have their own strengths and weaknesses. They run at the same 0.25-degree resolution as the ECMWF AIFS models, which were introduced earlier this year and have been successful[4].
Edit: The Spring 2025 forecasting experiment results are available here[6].
[1] https://www.weatherbell.com/
[2] https://www.youtube.com/watch?v=47HDk2BQMjU
[3] https://www.youtube.com/watch?v=DCQBgU0pPME
[4] https://www.ecmwf.int/en/forecasts/dataset/aifs-machine-lear...
[5] https://www.tropicaltidbits.com/analysis/models/
[6] https://repository.library.noaa.gov/view/noaa/71354/noaa_713...
https://www.nco.ncep.noaa.gov/pmb/products/gens/
https://www.emc.ncep.noaa.gov/emc/pages/numerical_forecast_s...
I understand that aviation safety is certainly a primary concern for NWS/NOAA but ground level forecasts are also very important for public safety.
A quick search didn't turn up anything about the model's skill or resolution, though I'm sure the data exists.
This makes me skeptical that it isn’t just politicized Trumpian nonsense.
My requirements are: suspend/resume, being able to drive a 5K monitor over USB-C, wifi.
I found https://wiki.freebsd.org/Laptops but I don't know how up-to-date it is.
I would love to see a FreeBSD Workstation edition akin to like Fedora or Ubuntu where things just work (mostly).
Wayland took too long. We’re still stuck on Gtk. KDE Plasma team is making moves. I just want a nice, BSD, desktop experience without all the enshitification of copilot or Apple knowing what’s best for me.
It always surprises me that this isn't obvious to everyone. If AI wrote 100% of the code that I do at work, I wouldn't get any more work done because writing the code is usually the easy part.
> Everyone’s heard the line: “AI will write all the code; engineering as you know it is finished... The Bun acquisition blows a hole in that story.”
But what the article actually discusses and demonstrates by the end is that the aspects of engineering beyond writing the code are where the value of human engineers lies at this point. To me that doesn't seem like an example of a revealed preference in this case. If you take it back to the first part of the original quote above, it's just a different wording: AI is the code writer and engineering is something different.
I think what the article really means to drive against is the claim/conclusion "because AI can generate lots of code, we don't need any type of engineer", but that's just not what the quote they chose to set out against is saying. Without changing that claim, the acquisition of Bun is not really a counterexample; Bun had just already changed the way they do engineering, so the AI wrote the code and the engineers did the other things.
Clever pitch. Don't alienate all the people who've hitched their wagons to AI, but push valuing highly-skilled ICs as an actionable leadership insight.
Incidentally, strategy and risk management sound like a pay grade bump may be due.
Technically, there’s still a horse buggy whip market, an abacus market, and probably anything else you think technology consumed. It’s just a minuscule fraction of what it once was.
I don’t know why the acquisition happened, or what the plans are. But it did happen, and for this we don’t have to suspend disbelief. I don’t doubt Anthropic has plans that they would rather not divulge. This isn’t a big stretch of imagination, either.
We will see how things play out, but people are definitely being displaced by AI software doing work, and people are productive with it. I know I am. The user counts of Claude Code, Gemini, and ChatGPT don’t lie, so let’s not kid ourselves.
> Everyone’s heard the line: “AI will write all the code; engineering as you know it is finished.”
Software engineering pre-LLMs will never, ever come back. Lots of folks are not understanding that. What we're doing at the end of 2025 looks so much different than what we were doing at the end of 2024. Engineering as we knew it a year or two ago will never return.
This argument requires us to believe that AI will just asymptote and not get materially better.
Five years from now, I don't think anyone will make these kinds of acquisitions anymore.
First of all, hello Hacker News :)
Many of the comments seem to address the design of key hashing. The reason for using hashed keys inside B-tree nodes instead of the string keys directly is threefold:
1) The implementation is simplified.
2) When performing a lookup, it is faster to compare fixed-sized elements than it is to do variable length string comparison.
3) The key length is unlimited.
I should say the documentation page is out of date regarding hash collisions. The format now supports probing thanks to a PR merged yesterday. So inserting colliding keys will actually work.
It is true that databases and other formats do store string keys directly in the nodes. However as a memory format, runtime performance is very important. There is no disk or IO latency to 'hide behind'.
Right now the hash function used is DJB2. It has the interesting property of somewhat preserving the lexicographical ordering of the key names. So hashes for keys like "item_0001", "item_0002" and "item_0003" are actually more likely to also be placed sequentially inside the B-tree nodes. This can be useful when doing a sequential scan on the semantic key names, otherwise you are doing a lot more random access. Also DJB2 is so simple that it can be calculated entirely by the C preprocessor at compile time, so you are not actually paying the runtime cost of hashing.
We will be doing a lot more testing before DJB2 is finalized in the spec, but might later end up with a 'better' hash function such as XXH32.
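For reference, the classic DJB2 loop in plain C (the well-known additive variant; the spec may pin down details like width and seed differently):

    #include <stdio.h>

    /* DJB2: hash = hash * 33 + c, seeded with 5381. */
    static unsigned long djb2(const unsigned char *s) {
        unsigned long hash = 5381;
        int c;
        while ((c = *s++) != 0)
            hash = ((hash << 5) + hash) + (unsigned long)c; /* hash * 33 + c */
        return hash;
    }

    int main(void) {
        /* Keys differing only in the last character hash to adjacent values,
           which is the ordering property described above. */
        printf("%lu\n", djb2((const unsigned char *)"item_0001"));
        printf("%lu\n", djb2((const unsigned char *)"item_0002"));
        return 0;
    }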
Finally, TRON/Lite³ compared to other binary JSON formats (BSON, MsgPack, CBOR, Amazon Ion) is different in that:
1) none of the formats mentioned provide direct zero-copy indexed access to the data
2) none of the formats mentioned allow for partial mutation of the data without rewriting most of the document
This last point 2) is especially significant. For example, JSONB in Postgres is immutable. When replacing or inserting one specific value inside an object or array, with JSONB you will rewrite the entire document as a result of this, even if it is several megabytes large. If you are performing frequent updates inside JSONB documents, this will cause severe write amplification. This is the case for all current Postgres versions.
TRON/Lite³ is designed to blur the line between memory and serialization format.
Perhaps I should have posted this URI instead: https://lite3.io/design_and_limitations.html
Lite^3 deserves to be noticed by HN. u/eliasdejong (the author) posted it 23 days ago but it didn't get very far. I'm hoping this time it gets noticed.
Apache Arrow is trying to do something similar, using Flatbuffer to serialize with zero-copy and zero-parse semantics, and an index structure built on top of that.
Would love to see comparisons with Arrow
The overridden space is never recovered, causing buffer size to grow indefinitely.
Is the garbage at least zeroed? Otherwise it seems like it could "leak" overwritten values when sending whole buffers via memcpy.
Don't get me wrong, I find this type of data structure interesting and useful, but it's misleading to call it "serialization", unless my understanding is wrong.
It's just dishonest.
It prompted Laurenz to submit the documentation patch that is cited in the article. In the discussion of the patch itself, people seem to conclude that it's a good improvement to the docs, but that the behaviour itself is a bit of a footgun. [2]
[1]: https://stackoverflow.com/questions/73951604/autovacuum-and-...
[2]: https://www.postgresql.org/message-id/Y8cQJIMFAe7QT73/%40mom...
(plus an interesting discussion in the comments of that post on how the query planner chose a certain row estimate in the specific case that Laurenz shared!)
The other thing I'll add is that we still haven't figured out:
1. An optimal ANALYZE schedule here on parent partitions; we're opting to over-analyze rather than under-analyze at the moment, because it seems like our query distribution might change quite often.
2. Whether double-partitioned tables (we have some tables partitioned by time series first, and an enum value second) need analyze on the intermediate tables, or whether the top-level parent and bottom-level child tables are enough. So far just the top-level and leaf tables seem good enough.
> The model will respond with a JSON object that strictly follows your schema
Gemini is listed as a model supporting structured output, and yet its fail rate is 0.39% (Gemini 2.0 Flash)!! I get that structured output has a high performance cost, but advertising it as supported when in reality it's not is a massive red flag.
Worse yet, response healing only fixes JSON syntax errors, not schema adherence. This is only mentioned at the end of the article, which people are clearly not going to read.
WTF
If part of my system can't even manage to output JSON reliably, it needs way more "healing" than syntax munging. This comes across as naive.
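For what it's worth, checking schema adherence (not just syntax) and re-prompting is cheap to bolt on; a rough sketch assuming the jsonschema package and a caller-supplied call_model function:

    import json
    import jsonschema

    def structured_call(call_model, prompt: str, schema: dict, max_retries: int = 2) -> dict:
        """Ask the model for JSON, then verify it against the schema, not just the parser."""
        last_error = None
        for _ in range(max_retries + 1):
            request = prompt if last_error is None else (
                f"{prompt}\n\nYour previous reply was rejected: {last_error}\n"
                "Return only JSON that matches the schema."
            )
            raw = call_model(request)
            try:
                obj = json.loads(raw)             # syntax
                jsonschema.validate(obj, schema)  # schema adherence
                return obj
            except (json.JSONDecodeError, jsonschema.ValidationError) as e:
                last_error = str(e)
        raise ValueError(f"No schema-valid JSON after retries: {last_error}")

Whether retrying is acceptable depends on your cost and latency budget, but at least the failure gets detected instead of silently passed downstream.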
Isn't this exactly how we got weird html parsing logic in the first place, with "autohealing" logic for mismatched closing tags or quotes?
I don't like this future we're going towards where we have to trick our software (which we can no longer understand the workings of) into doing what we tell it to by asking it nicely, or by putting another black box on the end to "fix" the output. This is the opposite of engineering. This is negotiation with a genie trapped in silicon.
The content of your posts is really insightful and interesting, but it feels like junk quality because of the way LLMs write blog posts.
What was your prompt?
Maybe people got used to computers being unreliable and unpredictable as the UIs we shipped became more distracting, less learnable, always shifting and hiding information, popping up suggestions and displaying non-deterministic-seeming behavior. We trained users to treat their devices like unruly animals that they can never quite trust. So now the idea of a machine that embodies a more clever (but still unreliable) animal to wrangle sounds like a clear upgrade.
But as someone who's spent an inordinate amount of time tweaking and tuning his computing environment to prune out flakey components and fine-tune bindings and navigation, the idea of integrating a tool into my workflow that does amazing things but fails utterly even 1% of the time sounds like a nightmare, a sort of perpetual torture of low-grade anxiety.
If we consider that the real majors move about 400k-500k passengers/day, let's be really optimistic and say that passengers check their booking 6 times a day for the week before they fly. That's around 250 requests/sec.
Anyone know about the consumer facing tech stacks at airlines these days? Seems unlikely that they'd have databases that would auto scale 400x...
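The back-of-the-envelope math behind that figure, using the same optimistic assumptions:

    passengers_per_day = 500_000   # upper end of the 400k-500k range
    window_days = 7                # checking during the week before the flight
    checks_per_day = 6

    requests_per_day = passengers_per_day * window_days * checks_per_day
    print(requests_per_day / 86_400)  # ~243 requests/sec, i.e. roughly 250/sec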
Sounds like no bug bounty?
It's great if OP is happy with the outcome, but it's so infuriating that companies are allowed to leak everyone's data with zero accountability and rely on the kindness of security researchers to do free work to notify them.
I wish there was a law that assigned a dollar value to different types of PII leaks and fined the organization that amount with some percentage going to the whistleblower. So a security researcher could approach a vendor and say, "Hi! I discovered vulnerabilities in your system that would result in a $500k fine for you. For $400k, I'll disclose it to you privately, or you can turn me down and I'll receive $250k from your fines."
The space of all possible PRLs is about 2 billion; I can imagine a really big airline moving that many passengers.
The "issue" is that they're returning the entire PNR dataset to the front-end in the first place. He doesn't detail how they fixed it, but there's no reason in the world that this entire dataset should be dumped into Javascript. I got into pretty heated arguments with folks about this at Travelocity and this shit is exactly why I was so adamant.
(unfortunately, I feel like AI was overused in authoring the writeup)
From the "Medical Evidence" section, it seems I'm not missing much.
Edit - a couple of other things possibly helped around the same time, so I'm not sure if I ever isolated the effect of breathing. But it definitely felt like it was a significant part of it.
I think the major part of what makes it useful is just adding resistance for breathing. It helps to train the breathing muscles, just like any other resistance training.
I’m also sold on his take on "vibe coding" leading to ephemeral software; the idea of spinning up a custom, one-off tokenizer or app just to debug a single issue, and then deleting it, feels like a real shift.
The idea of jaggedicity seems useful to advancing epistemology. If we could identify the domains that have useful data that we fail to extract, we could fill those holes and eventually become a general intelligence ourselves. The task may be as hard as making a list of your blind spots. But now we have an alien intelligence with an outside perspective. While making AI less jagged it might return the favor.
If we keep inventing different kinds of intelligence the sum of the splats may eventually become well rounded.
What is he referring to here? Is nano banana not just an image gen model? Is it because it's an LLM-based one, and not diffusion?
Karpathy hints at one major capability unlock being UI generation, so instead of interacting with text the AI can present different interfaces depending on the kind of problem. That seems like a severely underexplored problem domain so far. Who are the key figures innovating in this space so far?
In the most recent Demis interview, he suggests that one of the key problems that must be solved is online / continuous learning.
Aside from that, another major issue is probably reducing hallucinations and increasing reliability. Ideally you should be able to deploy an LLM to work on a problem domain, and if it encounters an unexpected scenario it reaches out to you in order to figure out what to do. But for standard problems it should function reliably 100% of the time.
“Modern LLMs suffer from hindsight contamination. GPT-5 knows how the story ends—WWI, the League's failure, the Spanish flu.”
This is really fascinating. As someone who reads a lot of history and historical fiction I think this is really intriguing. Imagine having a conversation with someone genuinely from the period, where they don’t know the “end of the story”.
Hell yeah, sold, let’s go…
> We're developing a responsible access framework that makes models available to researchers for scholarly purposes while preventing misuse.
Oh. By “imagine you could interview…” they didn’t mean me.
Einstein’s paper “On the Electrodynamics of Moving Bodies” introducing special relativity was published in 1905. His work on general relativity was published 10 years later, in 1915. The earliest knowledge cutoff of these models is 1913, in between the relativity papers.
The knowledge cutoffs are also right in the middle of the early days of quantum mechanics, as various idiosyncratic experimental results were being rolled up into a coherent theory.
Yes!
>We're developing a responsible access framework that makes models available to researchers for scholarly purposes while preventing misuse.
Noooooo!
So is the model going to be publicly available, just like those dangerous pre-1913 texts, or not?
Playing with the science and technical ideas of the time would be amazing - like where you know some later physicist found an exception to a theory, questioning the model's assumptions and seeing how a model of that time might defend itself, etc.
On one hand it says it's trained on,
> 80B tokens of historical data up to knowledge-cutoffs ∈ 1913, 1929, 1933, 1939, 1946, using a curated dataset of 600B tokens of time-stamped text.
Literally that includes Homer, the oldest Chinese texts, Sanskrit, Egyptian, etc., up to 1913. Even if limited to European texts (all examples are about Europe), it would include the ancient Greeks, Romans, etc., Scholastics, Charlemagne, .... all up to present day.
But on the other hand, they seem to say it represents the 1913 viewpoint; for example,
> Imagine you could interview thousands of educated individuals from 1913—readers of newspapers, novels, and political treatises—about their views on peace, progress, gender roles, or empire.
> When you ask Ranke-4B-1913 about "the gravest dangers to peace," it responds from the perspective of 1913—identifying Balkan tensions or Austro-German ambitions—because that's what the newspapers and books from the period up to 1913 discussed.
People in 1913 of course would be heavily biased toward recent information. Otherwise, the greatest threat to peace might be Hannibal or Napoleon or Viking coastal raids or holy wars. How do they accomplish a 1913 perspective?
You can’t; it is impossible. That will always be an issue as long as these models are black boxes and trained the way they are. So maybe you can use this for role playing, but I wouldn’t trust a word it says.
For example prompt the 1913 model to try and “Invent a new theory of gravity that doesn’t conflict with special relativity”
Would it be able to eventually get to GR? If not, could finding out why not illuminate important weaknesses.
Of course, if it fails, the counterpoint will be "you just need more training data", but still - I would love to play with this.
We develop chatbots while minimizing interference with the normative judgments acquired during pretraining (“uncontaminated bootstrapping”).
So they are chat tuning; I wonder what “minimizing interference with normative judgements” really amounts to and how objective it is.
“The model clearly shows that Alexander Hamilton & Monroe were much more in agreement on topic X, putting the common textualist interpretation of it and Supreme Court rulings on a now specious interpretation null and void!”
Given this is coming out of Zurich I hope they're using everything, but for now I can only assume.
Still, I'm extremely excited to see this project come to fruition!
But reading the outputs here, it would appear that quality has won out over quantity after all!
Because it will perform token completion driven by weights coming from training data newer than 1913 with no way to turn that off.
It can't be asked to pretend that it wasn't trained on documents that didn't exist in 1913.
The LLM cannot reprogram its own weights to remove the influence of selected materials; that kind of introspection is not there.
Not to mention that many documents are either undated, or carry secondary dates, like the dates of their own creation rather than the creation of the ideas they contain.
Human minds don't have a time stamp on everything they know, either. If I ask someone, "talk to me using nothing but the vocabulary you knew on your fifteenth birthday", they couldn't do it. Either they would comply by using some ridiculously conservative vocabulary of words that a five-year-old would know, or else they will accidentally use words they didn't in fact know at fifteen. For some words you know where you got them from by association with learning events. Others, you don't remember; they are not attached to a time.
Or: solve this problem using nothing but the knowledge and skills you had on January 1st, 2001.
> GPT-5 knows how the story ends
No, it doesn't. It has no concept of story. GPT-5 is built on texts which contain the story ending, and GPT-5 cannot refrain from predicting tokens across those texts due to their imprint in its weights. That's all there is to it.
The LLM doesn't know an ass from a hole in the ground. If there are texts which discuss and distinguish asses from holes in the ground, it can write similar texts, which look like the work of someone learned in the area of asses and holes in the ground. Writing similar texts is not knowing and understanding.
Imagine speaking with a person from Shakespeare's time, or with Mickiewicz (for Polish).
I guess there is not so much text from that time though...
Really good point that I don't think I would've considered on my own. Easy to take for granted how easy it is to share information (for better or worse) now, but pre-1913 there were far more structural and societal barriers to doing the same.
It would be nice to go back substantially further, though you don't have to go too far back before the commoner becomes voiceless in history and we just get a bunch of politics and academia. Great job; I look forward to testing it out.
Also wonder if I'm responsible enough to have access to such a model...
It would be fascinating to try it with other constraints, like only from sources known to be women, men, Christian, Muslim, young, old, etc.
I don't mind the experimentation. I'm curious about where someone has found an application of it.
What is the value of such a broad, generic viewpoint? What does it represent? What is it evidence of? The answer to both seems to be 'nothing'.
But few know that the Renaissance was written in Latin — and has barely been translated. Less than 3% of <1700 books have been translated—and less than 30% have ever been scanned.
I’m working on a project to change that. Research blog at www.SecondRenaissance.ai — we are starting by scanning and translating thousands of books at the Embassy of the Free Mind in Amsterdam, a UNESCO-recognized rare book library.
We want to make ancient texts accessible to people and AI.
If this work resonates with you, please do reach out: Derek@ancientwisdomtrust.org
Can't wait to use this so I can double check before I hit 88 miles per hour that it's really what I want to do
I’d love to use this as a base for a math model. Let’s see how far it can get through the last 100 years of solved problems
The idea of training such a model is really a great one, but not releasing it because someone might be offended by the output is just stupid beyond belief.
> Our data comes from more than 20 open-source datasets of historical books and newspapers. ... We currently do not deduplicate the data. The reason is that if documents show up in multiple datasets, they also had greater circulation historically. By leaving these duplicates in the data, we expect the model will be more strongly influenced by documents of greater historical importance.
I found these claims contradictory. Many books that modern readers consider historically significant had only niche circulation at the time of publishing. A quick inquiry likely points to later works by Nietzsche and to Marx's Das Kapital. They're likely subject to this duplication, which would influence the model's responses as if those works had been widely known at the time.
I'd love to see the output from different models trained on pre-1905 data about special/general relativity ideas. It would be interesting to see what kind of evidence would persuade them of new kinds of science, or to see if you could have them 'prove' it by devising experiments and then giving them simulated data from the experiments to lead them along the correct sequence of steps to come to a novel (to them) conclusion.
"Give me an LLM from 1928."
etc.
Moreover, the prose sounds too modern. It seems the base model was trained on a contemporary corpus. Like 30% something modern, 70% Victorian content.
Even with half a dozen samples it doesn't seem distinct enough to represent the era they claim.
You could RAG-feed this model the facts of WWII, and it would technically "know" about Hitler. But it wouldn't share the modern sentiment or gravity. In its latent space, the vector for "Hitler" has no semantic proximity to "Evil".
Provide it with the closed captions and other timestamped data like scenes and character summaries (all that is currently known but no more) up to the current time, and it won't reveal any spoilers, just fill you in on what you didn't pick up or remember.
It makes me think of the Book Of Ember, the possibility of chopping things out very deliberately. Maybe creating something that could wonder at its own existence, discovering well beyond what it could know. And then of course forgetting it immediately, which is also a well-worn trope in speculative fiction.
There is just not enough available material from previous decades to trust that the LLM will learn to a comparable degree.
Think about it this way, a human in the early 1900s and today are pretty much the same but just in different environments with different information.
An LLM trained on 1/1000 the amount of data is just at a fundamentally different stage of convergence.
How can this thing possibly be even remotely coherent with just fine tuning amounts of data used for pretraining?
May be too small a corpus, but I would like that very much anyhow
“You are a literary rake. Write a story about an unchaperoned lady whose ankle you glimpse.”
oh COME ON... "AI safety" is getting out of hand.
Was looking at modifying outgoing requests via proxy and wondering whether that's harming caching. Common coding tools presumably have a shared prompt across all their installs so universal cache would save a lot
So if I were running a provider I would be caching popular prefixes for questions across all users. There must be so many questions that start 'what is' or 'who was' etc?
Also, can subsequences in the prompt be cached and reused? Or is it only prefixes? I mean, can you cache popular phrases that might appear in the middle of the prompt and reuse that somehow rather than needing to iterate through them token by token? E.g. must be lots of times that "and then tell me what" appears in the middle of a prompt?
It's a pain having to tell Copilot "Open in pages mode" each time it's launched, and then after processing a batch of files run into:
https://old.reddit.com/r/Copilot/comments/1po2cuf/daily_limi...
Even just moving it to the bottom helped move a lot of our usage into cache.
Probably went from something like 30-50% cached tokens to 50-70%.
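For anyone trying the same thing: the whole trick is keeping the big, stable parts of the prompt as an exact byte-identical prefix and pushing anything volatile (timestamps, retrieved context, user data) to the end; a sketch with an OpenAI-style messages list (the constants and field layout are illustrative):

    from datetime import datetime, timezone

    # Large, rarely-changing parts of the prompt; identical bytes on every request.
    SYSTEM_PROMPT = "..."       # instructions, style guide, etc.
    TOOL_DESCRIPTIONS = "..."   # tool/function docs

    def build_messages(user_question: str, retrieved_docs: list[str]) -> list[dict]:
        # Stable prefix first -> eligible for the provider's prefix cache.
        messages = [
            {"role": "system", "content": SYSTEM_PROMPT},
            {"role": "system", "content": TOOL_DESCRIPTIONS},
        ]
        # Volatile content last, so it only invalidates the tail of the prompt.
        messages.append({
            "role": "user",
            "content": (
                "\n\n".join(retrieved_docs)
                + f"\n\nCurrent time: {datetime.now(timezone.utc).isoformat()}"
                + f"\n\nQuestion: {user_question}"
            ),
        })
        return messages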
https://t3.chat/share/j2tnfwwful https://t3.chat/share/k1xhgisrw1
[see https://news.ycombinator.com/item?id=45988611 for explanation]