HackerLangs
TopNewTrendsCommentsPastAskShowJobs

berkes

6,018 karmajoined 15년 전
Ruby and Rust Developer.

[ my public key: https://keybase.io/berkes; my proof: https://keybase.io/berkes/sigs/uXC3DKS9jat3AILQSm_fIb03uxFV1JSKz8MqCKwzD90 ]

Submissions

Europe's Plan to Unleash Its Startups| 28th Regime

youtube.com
1 points·by berkes·8개월 전·0 comments

comments

berkes
·그저께·discuss
> due to your political bias.

That's a wild accusation. Unless you happen to know me, but I don't think you do.

"Lobbying to reduce taxes" was a part of an example. The big problem is their "lobbying for greater freedom".

Yes, governments should be held in check. Systems strengthened to keep governments afraid of the people (not companies) they govern. So that they can keep those that are stronger than me and use that strength to harm me, amongst wich are companies, in check. We have most of this in place. It can (and should be) improved. But we have very little in place to keep companies in check. Antitrust cannot (or is not) used against monopolies, (so the common free-market mechanisms of peoples free movement between suppliers aren't working anymore). Laws that protect humans against companies abolished or not modernized. Information (on which agents in the free-market must operate) is less and less trustworthy, mostly a result of companies spreading that (mis)information.

And TBC, companies have harmed people, are doing so as we speak, whole cities, whole countries. They have actively destabilized governments. Not just "somewhere in Africa", but in the US, in Europe. That's an undeniable fact. Many companies will then spend a lot of effort (and money and influence) to be not held accountable (that is harder to prove, obviously). Many companies will wield influence to be allowed to wield firepower, in all it's forms and shapes.

I am from a country with one of the worst examples of such a company in human history, the V.O.C. Who had such power that it had private armies, was accountable to no-one, grew so large that no "official government" could force it to do anything, for over a century. It literally enslaved people, killed inefficient workers, over-exploit and deplete entire ecosystems, etc etc. We should actively and strongly work against such companies from ever coming back (if they ever really left)

Read more history.
berkes
·그저께·discuss
That government has the monopoly of violence against the company too. They can easily strongarm the company into harming me.

With private security companies, private jails, private utilities, the harm both can and will do, is practically the same. And with the boundaries of "private" and "government" becoming more opaque (like private tech companies deciding who is to be detained and who not; who is allowed to access their money; or do their jobs, etc) the difference is even more theoretic.

A government that has absolute power over a company/sector, can (and will, in my belief) use that power to make the company/sector do it's work. Making this company/sector just as dangerous as the company.

If I get mistreated at an airport (of a democratic country), and the agents doing the mistreating are civil-servants, they (or their chain of command) are democratically held accountable. But if they are employees of Acme-Security Inc, granted the right of violence by the democratic government, there's nothing I can do, no-one to appeal to. Both cases are something I, an individual, cannot do anything against. I am mistreated anyway.
berkes
·그저께·discuss
> If I need to pay someone 300k to make the model and infrastructure

I was arguing for the existing AI-companies that already make and offer niche models. Like Mistral. But AFAICS, all AI companies have and offer such models.

So all you need to do, is use the existing models. And, yes, select it.

Which, ironically, I would highly value as a niche model myself. I spend way too much time following the breakneck race of the various companies just to pick the right models for my tasks at hand. "Just pick the latest" often yields worse results, or is magnitudes more expensive, or significantly slower, or all of it. "Just pick the most popular" can prove expensive, inefficient for some task etc. This investment, also ironically, has proven something of a "moat" for me. I know very well what Mistral and Anthropic offer. So I won't even bother with OpenAI, Google, X, Tencent etc etc etc models. I just don't have the time to keep researching the latest offers for their pros and cons.

A model that acts as "decision maker" and as proxy, as a conductor, that directs and transforms my questions and sends them off to the right model, right tools, right MCP etc, would be very welcome for me. So that I can just pick that one, and have the highly dynamic world of LLMs and other models shift like undercurrent beneath the surface of this One Model To Rule Them all.
berkes
·그저께·discuss
The General Models' business-model is also looking more weak every iteration.

Costs of simple tasks grow extensively: OCR with "Mistral OCR" at $4 per 1000 pages vs OCR with Opus 4.8 at sometimes¹ $1 per "page".

Or just the immense costs when burning tokens in an unoptimized agentic coding environment costing tens of dollars for a few simple classes or functions versus a highly optimized "autocomplete" model costing under $10 for thousands of such classes and functions.

Or the, over ten dollars worth of tokens when some "agent" using a general model, tries to perform the task I gave it to "read the event on example.com/event/1337 and put it in my calendar", include commute time as well"

The "general models" currently only become smarter by growing bigger and having larger context windows - by becoming exponentially more expensive to train and to run and to interact with. Whereas "Niche" models can do the things that "normal code" cannot do, and improve by tuning and tweaking only that. Their goal is then to fill in gaps that traditionally are hard or impossible with normal software. Wheras the goal of a general model (with agentic reasoning)is to replace that entire "normal software".

One example: I am not interested in "chatting with my calendar". I'm interested in a calendar because it is a well known view (UI) of my planning and tasks, but I see a lot of opportunities where AI can improve my working with this calendar. I may be interested in a smarter screen when I hit "+ Add event"; one that has knowledge of my previous events and patterns (some RAG vector db maybe). One that maybe has access to content I just copied, or read (though: privacy?) or can open my camera to let me shoot a pic of something that has the event info on it. In such a set-up, Niche LLMs perform dedicated tasks: determine patterns (he always books a Yoga class on wednesday or thursday, two days in advance, so lets suggest a yoga class), determine existing content (event is planned 100Km from his home, so lets suggest the commute based on previous commutes like this). Or an OCR model. Or an autocomplete model. Relatively simple, niche models, called from within software to aid me when "calendaring". Not replace the entire calendar with some chat.

¹Edit: This was a rather unscientific research of mine, where I compared some models to read from photographs, compared purely on costs and timing. "Opus" or other generic LLMS with image input capabilities commonly did better on "performance" esp with difficult input such as a picture of a poster of some rock event.
berkes
·3일 전·discuss
Companies fall under the government. So what a company harvests (to sell more toilet bowl cleaner), is accessible to the government it falls under.

By that logic, you should fear companies at least as much as their governments when handing them your data.

But companies have additional goals: to increase profit. Which can be achieved by selling more toilet bowl cleaner. But also by externalising harm/pollution/costs, monopolising, reducing taxes, etc. All of which harm you, personally.

So, sure, worry about governments. But worry more about (big) companies. Read more history.
berkes
·17일 전·discuss
All AI companies are working on models with specialisms. Which are really good at one task.

Mistral is just a bit more forward about this. I guess because they don't need/want to "wow" an audience with generalist user-facing tools (chat) that seem to be experts in everything (but in reality quite often will be a lot of such specialist models chained together).

Here, what you want, is really just a few python scripts away. Voxtral to turn your spoken prompt into text, piped into mistral large 3 with extra system prompts that creates a prompt for ocr and paths to files. It could do this in a loop to actually find those files. which you throw at ocr3, is pased back to misteal large 3 to interpret and turn into decisions.

This is common. It's rather uncommon, really, to build something like this using only one model for everything.
berkes
·21일 전·discuss
I'd imagine the (aggressive) caching of the favicon by browsers makes it a challenge, but you could generate the favicon dynamically, then have JS extract the sequentially. Basically streaming arbitraily large content to a webpage via favicons. Via blocks of 239 bytes.

It may be a fun, novel way to proxy webpages that are otherwise blocked. Though, i guess, the service rendering the favicons can just as easily be blocked then.
berkes
·21일 전·discuss
An SVG can embed raster images: base64 encoded bytes.

So you could layer this experiment: favicon is svg, that contains encoded raster, whose bytes are encoded html.

At the very least it would make a mindboggling CTF step.
berkes
·25일 전·discuss
In the Netherlands there's an official government agency that allows a simple mail or report: https://www.ncsc.nl/en/report-an-incident-to-ncsc-nl

I presume more countries have this, not sure about the US though (CISA maybe? CERT/CC?). CERT is the overarching org that manages local agencies like this Dutch NCSC. Though I am not sure if and how easy it is, globally, to report incidents.
berkes
·25일 전·discuss
Same here.

I tried content-types, user-agent, but no luck. I'm not sure what the user-agent of `req` is, but the default `node-fetch/1.0` does make the response json. They are a 307, but the result is a png.

I presume the original payload may have contained information that the hackers want to keep from prying eyes. Esp. now that it landed on HN, it makes sense to take it offline and replace with an actual png to avoid people finding information in it that may harm their future hacks or so?
berkes
·지난달·discuss
Probably my reference is tainting this then. I come from Perl, PHP (both of which, at that time, had nonexisting or terrible package managing - CPAN, PEAR), then Ruby, with gems and now Python, Typescript/Javascript. Starting with Ruby, I've developed in communities that heavily depend on deep dependency trees.

For me, the discipline of shallow dependencies, no-dependencies etc, was new when I came to rust.

Sure, if I pull in something like Rocket, it comes with dependencies, that have dependencies that have dependencies. But Rocket is one of the more extreme examples I know of, and even that is nowhere near the depth of a tree that common (not extreme) npm frameworks/libraries come with. Before yarn I sometimes had node-module trees that went over 50 levels deep.

The Python community doesn't have this extreme deep dependencies, but in Python it is far more common to "from foo import bar" in both libraries and in applications than to write a few hundred lines of code yourself. The Django and "lean" flask, or "simple" cli apps I worked with and on, quite commonly have hundreds of dependencies (many of which are dependencies of dependencies etc).

Within that context, rust community is far more conservative. Many of the dependencies that I use have one, maybe two of their own deps. Many none. And it's more common - IME - to see libraries that have just one level of deps - the libs a lib depends on, itself won't have deps.

Though, I guess, C or even C++ community, lacking OOTB, common and easy dependency management like cargo, will be far more conservative even.

Rather than being "flat out wrong", I'd say it very much depends (pun intended) on where you come from and compare rust with.
berkes
·지난달·discuss
That's the default. One can also statically bind that libc.so.6 quite easily. Though that's not the default.

edit: Ironically, that makes shipping the binary a tad harder, since this "linux" version won't "magically" run on about every Linux, or mac version on mac, etc. I guess that's why its not the default, though that's just me guessing.
berkes
·지난달·discuss
"Written in Rust" signals some common attributes.

Fast, Safe, Lightweight, Statically linked (plop a precompiled binary in ~/.local/bin and run it), few/shallow dependencies, senior developers, "Done" software.

Now, certainly no guarantees, enough counter-examples, I know. And attributes that one can get with anything from PHP via Javascript to Lisp as well. Some attributes have stronger correlation than others too.

But, in general, "rust" has a (much) higher chance of meeting these attributes. I care about those attributes above anything else.
berkes
·지난달·discuss
> Rust even doesnt do the static binary file by default.

Huh? It does. Only libc is dynamically linked, by default, which --iirc-- all programs will commonly need anyway. All the rest is statically linked.

In fact, it takes some hoop-jumping to build dynamically linked binaries with cargo.
berkes
·지난달·discuss
> AI Art isn't Art

Why?

(And who are you to dictate what art is and what isn't?)
berkes
·지난달·discuss
I know of https://usbguard.github.io/

But I remember that on Linux changing some /etc/udev file helped me with some naggy bug long ago. I worked temporary in an office with several wonky USB keyboards. Whenever someone disconnected their tablet or laptop from their KB (ie shut the lid), my linux would pick it up and suddenly connect to this KB. A little googling and some trial-error and I had my linux set-up that it would only connect to whitelisted USB devices.

Which, months later, caused me insane headaches when I could not find why a new USB microphone wasn't working, despite it being advertised as "works on linux"....
berkes
·지난달·discuss
What Bluetooth profile would allow "more" than a HID?
berkes
·지난달·discuss
They can fix it. They have certainly figured out how. But their "killer feature" is not that you don't receive spam, it's that the mail you send isn't flagged as spam by their fellow oligopolists.

We're now at the place where it's virtually impossible to run your own mailserver and have the mail delivered, consistently at Gmail and Outlook/Live/Hotmail. At least not without hours a month tuning, re-configuring, monitoring etc.

Basically, Gmail, Apple Mail, Microsoft, Yahoo (and to lesser extent, Fast-email, proton, or one of the handfull of dedicated email providers) have cemented an oligopoly. You must invest serious infrastructure, time and effort, or else your mail will be /dev/nulled (at random, often).

This "anti-spam" works, reasonably well. Because Gmail can now trust that Microsoft has measures in place to disencourage new accounts from sending large amounts of mails - and vice versa. Obviously Gmail can trust other Gmail accounts. And so they have a win-win-win.

win: No need for heavy, resource-intensive spam-training or scanning for the bulk of incoming mail - if its from a fellow BigTech, let it through. Win: an almost impossible high barrier to entry for any serious competitors. Win: Lock in, because anyone wishing to move will see their email not reach the inboxes of users at other Big Tech - aka the vast majority of inboxes.
berkes
·지난달·discuss
Have you considered collecting all the literals into domains, but ship them by default?

I could, for example, imagine using roto in some of my current work on svg and visuals generation. In which case I'd be greatly helped with literals like "colors", "vec2", "angle" etc. I'd imagine that as long as other literals which I don't need, like an IP address, aren't in the way, it's still greatly beneficial to have a large lib to pick and choose from, around.
berkes
·지난달·discuss
I'm author of a rust based task manager (not (yet) FLOSS, unfortunately), where we needed "pluggable task sources" (jira, github, trello, etc).

In our setup, the "sources" are more like configuration. Whereas the core, the business logic, is more like code.

Typically, one would configure with e.g. YAML. As we can see in many projects, that have a DSL, in yaml (k9s, GitHub actions, ansible, etc). But, rather than inventing another DSL in yaml, we realized we do need some logic, something very poorly expressed in yaml. And we went for Lua.

Long story to say: if your config typically has some logic in it, it makes sense to go for an embedded scripting language to provide it, rather than building it into the core domain, or to invent yet-another-yaml-amalgation (yayamla?)