HackerTrans
トップ新着トレンドコメント過去質問紹介求人

btown

19,342 カルマ登録 14 年前
Email: [email protected]

投稿

Google users fight for refunds as unauthorized API usage bills soar

theregister.com
2 ポイント·投稿者 btown·2 か月前·3 コメント

コメント

btown
·一昨日·議論
You're famous!
btown
·一昨日·議論
It's also worth noting that in 2023 they abandoned their Kubernetes support which was relied upon by a full 3.5% of their users: https://posthog.com/blog/sunsetting-helm-support-posthog

In their rationale for this:

> We also learned that the tools to do that automation just don't exist. We kept finding new failure modes. When onboarding a new customer we would have to vet their engineering team for Kubernetes experience so that we'd be confident they could help us debug issues in their PostHog deploy. Folks that didn't have infra experience would often be able to get something set up, only to get stuck when something went wrong.

I empathize that this is a sane choice for PostHog to make as a business. But - if you can't deploy and dogfood your changes, are you truly able to maintain a fork with customizations? And if you can't use your own changes, is the software open-source, or source-available?

Perhaps the punchline is that any scalable & performant web analytics platform must necessarily be a distributed system of ingestion and storage services, and that complexity is like oil and water with the classic "you should be able to swap out the dependencies on your systems with ones you fork" open-source ethos.

PostHog had an opportunity to break this trend, to innovate and invest in those automations they correctly said didn't exist - and I was cheering them on. I've been saddened to see them move in the opposite direction.
btown
·5 日前·議論
Something that many don't realize is that Claude Desktop and the Agent SDK are both just wrappers around pools of CLI instances, literally running `claude --input-format stream-json --output-format stream-json`.

So this wasn't even about third-party harnesses that replace the toolset Claude has access to, and try to call the Claude API with subsidized credentials. No, this was literally a blessing for their desktop UI's over others, all driving Claude Code's CLI at the end of the day.

To the broader point, it's hard not to see that as arbitrary and borderline spyware. Software that sniffs the context in which it's executed and uses that to phone home about billing is the type of thing you'd expect from the most corporate parts of the gaming industry, not a frontier lab, but here we are.
btown
·8 日前·議論
HN is competitive if and only if != != =
btown
·15 日前·議論
If you're wondering what creats.io is - this is satire!
btown
·17 日前·議論
Writing an entire article about whale transportation, without even a subtle nod to Star Trek IV, or even a reference to tank material and the process of its invention, is borderline criminal. What is this, the dark ages?
btown
·18 日前·議論
It's worth remembering that a malicious model doesn't need Internet access to exfil - it merely needs to write code with subtle backdoors that will eventually run on a production system, and wait until its code is woken up by a system that will scan all known addresses and ports for the specific patterns introduced by the model's progeny. Which is not to say that this is happening in this case, or anything about which nation-state will be the first to attempt this - but we're only at the beginning of what's possible here.
btown
·18 日前·議論
I'm not seeing any mention of tools in the paper, much less a bias towards "curiosity" to use those tools when it encounters gaps in its knowledge. So perhaps this is a good proof-of-concept that single-pass code generation is viable with this small a model - but we're still a long way from a viable solution.
btown
·18 日前·議論
There's already some evidence that this is happening. See: https://www.crowdstrike.com/en-us/blog/crowdstrike-researche... (note that I haven't found independent verification or reproduction of these claims).
btown
·19 日前·議論
For Claude, at least, "throw out the reasoning tokens" is only true when a session has been idle for more than an hour, and is new since March.

The basic concept is that for a session active recently, interleaved thinking tokens are already in KV cache, so it's more efficient to keep using them than not! But when resuming an older session where KV cache has been evicted, it's more expensive to restore the thinking tokens, so they're silently dropped from prior turns. It's 2026 and stateful servers are back on the menu!

https://www.anthropic.com/engineering/april-23-postmortem describes this as an intended optimization:

> The design should have been simple: if a session has been idle for more than an hour, we could reduce users’ cost of resuming that session by clearing old thinking sections. Since the request would be a cache miss anyway, we could prune unnecessary messages from the request to reduce the number of uncached tokens sent to the API. We’d then resume sending full reasoning history. To do this we used the clear_thinking_20251015 API header along with keep:1.

> The implementation had a bug. Instead of clearing thinking history once, it cleared it on every turn for the rest of the session... This surfaced as the forgetfulness, repetition, and odd tool choices people reported.

And https://news.ycombinator.com/item?id=47879561 is a thread with a Claude team member's further rationale.

> Eliding parts of the context after idle: old tool results, old messages, thinking. Of these, thinking performed the best, and when we shipped it, that's when we unintentionally introduced the bug in the blog post.

(Also, https://news.ycombinator.com/item?id=47884517 indicates OpenAI drops reasoning tokens "smartly" at its own election, which is likely a similar performance optimization.)

I've experimented with rules to have Claude Code be explicit about recapping its thinking tokens, including tool choices and approaches chosen and rejected, into actual message output, but this is lossy at best. And sometimes dropping reasoning tokens can give a session "fresh eyes" in a good way.

I just really don't like the lack of control, and it's a reminder of how ephemeral the current landscape is. The Claude giveth, and the Claude taketh away.
btown
·19 日前·議論
While the panic is indeed nothing new, Meta could have chosen a path of solidarity across the tech industry, lobbying for the ways age/identity verification makes people of all ages less safe, especially in the context of phishing and data harvesting.

Instead, its strategy has become to advocate for increasing the net levels of tracking and regulatory burden, so long as it is positioned to burden other parts of the technology stack (namely, app stores and operating systems) rather than their social networks.

From the link from a sibling commenter: https://web.archive.org/web/20260429210901/https://tboteproj...

> Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA).

The irony that their namesake Metaverse was meant to be, itself, an operating system and app distribution platform is palpable. When ambitions shift to regulatory capture, a shark has arguably been jumped.
btown
·19 日前·議論
Notably, though, Persona does not have access to your Claude interactions, other than your signup/verification date. They’ll train on your uploaded docs and photos, to be sure, but it won’t be correlated to your chats and projects, unless Anthropic is doing things that would make their counsel have heart attacks.
btown
·21 日前·議論
Both can be true. Promoting a standard isn’t free, and having licensing and certification fees, especially in an industry where such practices make a standardization org get taken more seriously, is a reasonable strategy. We’re lucky that our industry moved in a different direction!
btown
·22 日前·議論
It's also worth noting that when e.g. inputs to a stage might have unpredictable defects or alignment, a robot arm utilizing neural networks for planning and analysis might still be the best way to handle that - without the extra degree of freedom of movement-relative-to-floor, planning can be done more rapidly, and movement can be executed more aggressively and quickly.

If I were Hyundai, I'd be looking at this as buying a significant amount of vision, dynamics, and integration systems expertise, not necessarily the dream of self-motive walking systems.
btown
·22 日前·議論
The problem, of course, is the moment you have some aspect of the model not representable by the basic primitives - do you make it impossible to switch back to the beginner interface?

I'm reminded of the concept of "ejecting" from e.g. Create React App a few years back - the idea was that if your beginner-friendly interface is actually built on the same underlying engine (in this case bundler and deployment assumptions) you can have full fidelity when you need customization, albeit with a one-way transition.

In the JS world things moved more towards build systems where beginner-friendly-DX and full-configurability could coexist. I'm not sure that CAD has the same dynamic.

Perhaps something like nested layers could work: you can use a complex model as a layer, but only opaquely, and build things around it with solids-and-holes; you can then lift that to itself a complex model, do things with professional CAD, and then treat the result itself as an opaque complex model if you switch back? That gets complicated fast.
btown
·24 日前·議論
And the non-cancellable nature of grants is not just a nice-to-have, it's absolutely critical for research with upfront capital costs (buying equipment, building labs, etc.)

The very _fact_ that this is a policy is disrupting research, even if specific grants haven't been cancelled. Some universities are stepping in to backstop, but it's a powerful chilling effect.
btown
·27 日前·議論
There's even more to this - because among the possible outcomes is one where Fable is only made available to enterprises that have gone through Know Your Customer (KYC) processes, and perhaps only to verified users of those companies, and perhaps requiring biometrics and attribution so government can know who was using that account.

Now, say you don't want to sign a pre-committed enterprise contract with Anthropic. But oh, you already have such a contract with AWS, and they'll let you use any model you want, and they've implemented KYC and will graciously connect you with a solutions partner who can help you with the IAM systems integrations for key tracking and attribution.

Oh, and all these enterprise contracts will bill by token. We're not talking a small stake in a company selling subscriptions, we're talking immediate revenue at four-figure-per-user levels, and pushing more and more companies to see that as "just part of their AWS bill."

This is worth a significant amount of money to AWS. So the question is: does Hanlon's Razor apply when a $2.5 trillion company is putting its best minds into how to engineer strategic outcomes?

The regulatory capture angle here is, if anything, an implementation detail.
btown
·28 日前·議論
Another ongoing HN thread from yesterday around some exciting cancer treatment breakthroughs, this time with a CRISPR Cas12a2 mechanism: https://news.ycombinator.com/item?id=48505231

This subthread there is a fascinating explainer about one user's journey into funding and incentivizing research into their own rare form of blood cancer, and how they are able to push forward the state of the art: https://news.ycombinator.com/item?id=48506997 - something of a modern-day (and more accurate) Lorenzo's Oil!
btown
·先月·議論
Per that link: I think there's an interesting question about whether a nefarious actor who's infiltrated a cloud provider with physical access to machines that are running signed operating systems, with signed binaries, with TDX remote attestation, and with hardware supply chain verification, has the ability to break the privacy guarantees of a tenant with Apple's sophistication.

Certainly, one could tamper with the hardware, but could one do it in a way that wouldn't get that machine immediately flagged, removed from the routing pool, and told to wipe its memory immediately, by a watchtower (perhaps even the routing layer itself) that runs in a separate secure Apple datacenter?
btown
·先月·議論
So yes, it's a TUI... but it's a TUI rendered by Ink, a React library, with a full JS runtime in the background. The number of re-renders per unit time involved with rerendering a JS implementation of flexbox every new token comes in? That's not a walk in the park for a garbage collector, and a single memory/retention leak can cascade dramatically.

I imagine this is part of the impetus behind the Bun acquisition - they have a deep need to push optimization efforts towards the specific patterns that are most relevant to their use cases. (Which are probably good ones for the broader Bun userbase, to be sure, but relative prioritization is something they now have greater control over.)