HackerTrans
TopNewTrendsCommentsPastAskShowJobs

solaire_oa

163 karmajoined il y a 4 ans
HackerSmacker profile: https://www.hackersmacker.org/user/solaire_oa?hs=JUejAUU5gSatZ15ZBY

Submissions

Inverse Context Learning Principle

r5d.me
1 points·by solaire_oa·il y a 5 jours·0 comments

Inverse Context Learning Principle

r5d.me
3 points·by solaire_oa·il y a 26 jours·0 comments

Trust signals as sparklines for Hacker News

hn-trustspark.com
82 points·by solaire_oa·il y a 4 mois·46 comments

Pascail's Wager

r5d.me
3 points·by solaire_oa·il y a 4 mois·0 comments

Vibeschism

r5d.me
2 points·by solaire_oa·il y a 5 mois·0 comments

Vibeschism

r5d.me
3 points·by solaire_oa·il y a 5 mois·0 comments

comments

solaire_oa
·il y a 25 jours·discuss
For a period of time, I was graphing HN AI sentiment on BULL/BEAR LOVE/HATE axes.

https://r5d.me/vibeschism/

The mania and lament continues at full speed, I suppose. And related to the brazen contempt for consent:

https://r5d.me/robots.txt

I like the article's sentiment, but a do-over sounds... unrealistic. Sadly, this is very common with the lamentation links, where the article accurately describes the problems at hand, but is alack of actionable advice.
solaire_oa
·il y a 3 mois·discuss
Bubble stress test, stage 1.
solaire_oa
·il y a 3 mois·discuss
Not all prompts require the same compute, and Gemma-4B runs on our phones with parity output for ordinary 1-5 sentence queries. The common use case of Google-style queries is already solved locally, saying we're miles off is ridiculous.
solaire_oa
·il y a 3 mois·discuss
Yeah this is context poisoning, not model poisoning, which is way, way more effective.

Google and Reddit have contracts: Google has official scraping access to Reddit (probably more than that at this point since the contracts were signed 1-2 years ago). But the fact that Reddit does a good job at moderating human content makes it a boon for plausibly "up-to-date" info (which a model doesn't have). Google's LLM summaries even include Reddit as its foremost "citations".

Anyway, Google does a RAG or something similar for its LLM responses, and takes Reddit info at face value. I'm very interested to see what the "thresholds" are, like how much context poisoning do you need to be effective. If the above link is reliable then the answer is "mere sentences".

Certainly bad-actor merchants would try this sort of thing on merchandise subreddits; welcome to the new AIO/GEO everyone.
solaire_oa
·il y a 3 mois·discuss
If you're implying that it's a violation of the original hacker ethos, I disagree.

"Information wants to be free" is a small part of the hacker ethos venn diagram. There are many hacker ethos traits that aren't about cracking, specifically.

Also, the server "information" isn't free (as in beer) to begin with, it costs server availability. Coming up ways to penalize greedy actors is not only well within the server operator's perogative, it's an interesting tit-for-tat problem that could pique any hacker's interests.

A bonus hacker trait is that these poisoning responses are individualistic, i.e. the government doesn't get involved, where certainly more aggressive anti-AI sentiments could (wrongly) call for that.

So I'd say this type of LLM-resistance falls squarely in the original hacker ethos, even though it incidentally counteracts one minor aspect of "information availability". Though I'd certainly agree that the picture today is a lot different than it was. Ironic even.
solaire_oa
·il y a 3 mois·discuss
As far as I'm aware, "source of truth" refers to data/code that drives the actual app, so Figma could never be a source of truth (Figma is a reference of what the app data/code is supposed to do). Saying Figma is a source of truth is like saying JIRA is a source of truth, which doesn't make any sense.
solaire_oa
·il y a 3 mois·discuss
Pretty cool to see stacks being given due attention. Also check out git-spice, which works with Gitlab (possibly others). Personally I use git-spice in place of all the conventional git commands.
solaire_oa
·il y a 3 mois·discuss
I got to the second section before I decided to scan how long it was, saw a wall of text, and decided that this article was low taste.

Moreover, the submitter of this article (probably not the author) spams ~4 submissions per day.
solaire_oa
·il y a 3 mois·discuss
I'm not sure I believe them though, at face value anyway. Or at least, I would suspect the entire spectrum of levels 0-9 are constantly at play at Anthropic (or any sizeable company). Fully disavowing the code as a matter of policy seems needlessly reckless.

(Thanks for visidata btw, awesome tool that helped me with a side project not long ago.)
solaire_oa
·il y a 3 mois·discuss
I can confirm that tool calls failed for me (Ubuntu server with charmbracelet/crush, if that matters)
solaire_oa
·il y a 3 mois·discuss
I know that it's discourteous to write-off a potentially valuable project because the release post showed a lack of self-awareness, but I think it's indicative of the larger struggle taking place: that trust is decaying.

It's decaying for a lot of the reasons displayed in the post, like you described, but the post also:

  - is overlong (probably LLM assisted)
  - is self-congratulatory
  - boosts AI
  - rewrites an existing project (vs contributing to the original)
  - conjures long-term maintenance doubt/suspicions
  - is functionally an advertisement (for CloudFlare)
So yeah, maybe EmDash is revolutionary with respect to Wordpress, but it hasn't signaled trust, and that's a difficult hurdle to get past.
solaire_oa
·il y a 3 mois·discuss
> However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play

https://android-developers.googleblog.com/2025/08/elevating-...

> The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play

Bald face lies are getting baldier.
solaire_oa
·il y a 3 mois·discuss
This is good info, thanks. Can I ask how you detected that version of axios? I checked the source (from another comment) and the package.json dependencies are empty....
solaire_oa
·il y a 3 mois·discuss
I couldn't tell from the title whether is was client or the server code (although map file and NPM were hints). Looks like the client code, which is not as exciting.
solaire_oa
·il y a 4 mois·discuss
Yeah, additionally gemini.google.com is also free unauthenticated, which I've been using for a very long time (a year?). Why this is being treated as news is confusing.
solaire_oa
·il y a 4 mois·discuss
For sure, source is now available here https://hn-trustspark.com/src/

I can figure out how to shasum/sig the extension for heightened trust.
solaire_oa
·il y a 4 mois·discuss
No problem at all! I didn't mean to be accusatory. And I wouldn't say inspecting the plugin code is against my wishes at all, no, definitely keep that hacker spirit alive! And feel free to reload the gist.

I suppose that my point is more that creating a GitHub repo has some strings attached to it nowadays, is all.
solaire_oa
·il y a 4 mois·discuss
Darn, I really thought submission rates were the lowest hanging fruit for bot detection, and it doesn't appear this is the case.

Thanks for commenting so I could see this.

For what it's worth, penalizing submission rates is not the default in the plugin itself, that's just for the demo. And also, in my testing, HN at large has "high trust" practically everywhere. My own account is consistently one of the lowest scoring that I come across, ironically. So perhaps this plugin isn't as useful as I had hoped.
solaire_oa
·il y a 4 mois·discuss
Thanks! Nice, you found the alltrust.json file ha. Yes, a bg job running on an rpi leverages HN APIs and builds the alltrust file by the minute, for all "active" accounts. Technically fetching that data is all you'd need to make your own script/plugin.

It's centralized for a few reasons though, first being that client-side API requests would be discourteous to the APIs (flood/ddos), and a whole new level of error handling would be required. Shared IPs, like those in a tech company building, would easily and quickly reach the API limits. So that's the reasoning, if you're curious.
solaire_oa
·il y a 4 mois·discuss
Oh wow, You're a human with a high submission rate! I assumed accounts like these were bots. I've seen a large number of accounts like yours in `/newest`, indeed, it's the reason I made the default demo penalize high submission rates. If you don't mind me asking, what are you submission habits? Do you just submit links you find interesting often? And does the karma rewards factor into your routine submissions?

(I'm not being facetious or accusatory, I'm genuinely interested learning how some of these high submission rates operate, since a lot look automated).