Put aside whether this was justified or not, or the potential Streisand effect or PR damage (or vice versa). What signal is this sending to the young Google engineer who wants to build the next Gmail? Even if this violated every internal policy, firing someone who created something that people actually want is sending a very disturbing message (internally and externally).
Also, is this somehow relate to Addy Osmani’s recent departure from Google? (Was it in sympathy, was it a retaliation as this was “the tweet that got OP fired”?)
LLMs diverge, not converge. They slightly increase entropy if not controlled. While you can have DRY skills and use AI to organize AI (in loops(tm) like Boris does) but eventually if you don’t understand the code, you are taking yourself out of the loop. And not just the job security that’s on the line, it’s the increasing cost for AI to babysit AI. If you or your “loops” (or paperclip, Hermes, gastown, or next in class agents of agents that runs your entire company) let it gradually sneak in slop-debt, the cost to fix it later will become prohibitive. (You can always just rewrite it, but as the race for “feature complete” and “zero backlog” continues, rewriting an ever growing set of new daily table stakes will become an economical moat)
TLDR: Keeping your codebase human readable and reason-about-able is not just helping humans to stay relevant. It will save costs for LLMs to maintain it.
> Interesting. I'm mostly using Claude, so perhaps I'm not nearing the limits, but I do use Codex (for coding and reviews occasionally) and use chatgpt for second opinion many times, including "pro" research. Never got to my limits. But again, not my main go to tool.
Interesting. I'm mostly using Claude, so perhaps I'm not nearing the limits, but I do use Codex (for coding and reviews occasionally) and use chatgpt for second opinion many times, including "pro" research. Never got to my limits. But again, not my main go to tool.
Been in this rabbit hole since JWT shipped. As others have mentioned, cookies have their own risks, you're now juggling both XSS and CSRF, and the CSRF defenses (SameSite, tokens) do nothing against XSS since that's a same-origin attacker.
Just to clarify, httpOnly/sameSite isn't useless under XSS the way localStorage is. XSS can't read a httpOnly cookie, so it can't exfiltrate the credential, it can only perform the attack during the session from the victim's browser. A JWT in localStorage can be reused offline for its entire lifetime. Also worth separating: localStorage is the exposure, not JWT. Just please for the love of all that's good and pretty, don't store a JWT in a httpOnly cookie.
Still do. Composer 2.5 is a beast. But even with Opus (and Fable for a few days) their harness is many times faster. The main reason for me to use CC is the $200 subsidized pro max plan.
Also their computer use in the cloud agents (when it works) is a game changer. No need to keep your laptop open / get a Mac mini if it runs in the cloud.
Surprised no one mentioned this is the guy who brought us this masterpiece. If you haven’t seen it, drop everything and watch it, best 5 minutes of your day guaranteed.
Interesting point.
Just a small correction, the Anthropic stake is higher. ($13B + another $20B option if they hit certain milestones, which I believe is almost guaranteed)
So it's closer to $33B
In any case, there is no reason for them to purposefully hurt Anthropic.
I would say that this government "takedown" of Mythos is great free advertising. I mean, if you look at this, they said it's too risky to launch, we all said it's pure marketing, and now when it's actually "banned" for being too risky, we laugh at the "Karma", where in fact, the majority of people who are not in our circles, see it as "wow, they were not kidding".
The overall result is net gain in brand awareness to Anthropic, before an IPO, I think if we had 2 parallel universes with or without this ban, the one with is a much higher IPO outcome for Anthropic than the other.
And again, I think this all needs to be taken with Occam's razor and bit of Hanlon's razor (without going into politics, the technical savviness of this administration is not the thing it's most famous for)
Just to put things in the right perspective to those who are not aware, Amazon heavily invests in Anthropic [0] and AWS is a partner on project Glasswing (Select companies that used Mythos to find critical vulnerabilities in major open source and critical infrastructure) [1]
So I don't think there is anything sinister here, I would use Hanlon's razor [2] here...
Asking contributors to first make sure there is an approved requirement before creating a PR sounds like a great idea regardless of the use of LLM.
But another issue is - AI disclosure (agent, model etc). I'm sure others tried similar approaches, but in case this is not common knowledge - I tried to see what happens if you ask agents to disclose themselves in the PR description / comments in a rule file.
It seems to work pretty well as most AI "assisted" PRs will be opened by agents using the gh cli or MCP on behalf of the user. (Of course this can be bypassed, but for someone who doesn't mind disclosing or doesn't care, this is a good step forward)
My opinions are my own
Harden your package managers and protect yourself from supply chain attacks (no dependencies, MIT):
- https://depsguard.com - https://github.com/arnica/depsguard
Socials: - linkedin.com/in/eranmedan - x.com/eranmedan