Isn't it more like, message passing is a way of constraining shared memory to the point where it's possible for humans to reason about most of the time?

Sort of like rust and c. Yes, you can write code with 'unsafe' in rust that makes any mistake c can make. But the rules outside unsafe blocks, combined with the rules at module boundaries, greatly reduce the m * n polynomial complexity of a given size of codebase, letting us reason better about larger codebases.

I made this tool as an alternative to a slide deck for a conference on AI agents that included both policy/regulatory folks and tech folks -- I wanted something for the policy side that shows the complexity of the decentralized community behind AI agents and why regulating them is a messy topic; and for the tech side that would let you see what the actual tech is beneath the jargon.

I'd love to know what you think I got right or wrong. There's a bunch of ways to organize and structure this story, how various competing incentives are driving people to agree on common frameworks and ways of doing things. I'm curious how you would tell the story differently and what tech out on the right edge you think is coming up.

Tool: https://harvard-lil.github.io/agent-protocols/ Blog post: https://lil.law.harvard.edu/blog/2026/02/23/agent-protocols-... Code: https://github.com/harvard-lil/agent-protocols/

Comments URL: https://news.ycombinator.com/item?id=47221329

Points: 1

# Comments: 0

I wonder if you could try a variation that keeps passwords in an existing password manager and just uses this as an alternate UI client -- for example with the 1Password sdk https://developer.1password.com/docs/sdks/desktop-app-integr... or this technique for KeePassXC https://pypi.org/project/keepassxc-proxy-client/ . You could expose existing secrets under an "uncategorized" folder, and add a field like "sklad_folder": "foo/bar" to the secret if the user organizes them.

This way your crypto surface area narrows a lot -- you still need to do the integration securely and be thoughtful about any metadata you cache locally (maybe you don't need any!), but you barely touch actual secrets. And you can freeride on all the edge cases existing password managers handle -- recovery, autolock, sync etc. And you don't need to update passwords in two places. And the trust you're asking from users is less -- if I'm considering using your thing, I don't have to fret about all the little policy things you might have done differently from 1Password, I just have to check if you've made a secure frontend. And I can go partway, open up one vault to the frontend but not others, in a way I clearly understand. I'm paranoid and still wouldn't use a 3rd party client to my password manager, but for people who need this it seems like a much more attractive offer that way.

And I knew about the hieleras[1] and about Guantanamo.

And about so many other instances in history, from so many governments.

But I hoped our arc would not be toward more people treated this way, more proudly. I hoped we would stop running so eagerly toward the poison.

[1] https://www.hrw.org/report/2018/02/28/freezer/abusive-condit...

Is the project interested in supporting http-vfs readonly usecases? I'm thinking of tools like DuckDB or sql.js-httpvfs that support reading blocks from a remote url via range requests.

Curious because we build stuff like this https://news.ycombinator.com/item?id=45774571 at my lab, and the current ecosystem for http-vfs is very slim — a lot of proofs of concept, not many widely used and optimized libraries.

I have no idea if this makes sense for postgres — are the disk access patterns better or worse for http-vfs in postgres than they are in sqlite?

Unfortunately it is not a coincidence that the solution to all problems is always (a) make a loud noise (b) take your stuff (c) take away your ability to object to taking your stuff. Amoral sadistic narcissist gonna amoral sadistic narcissist. If you think you don't have enough information to predict how that's going to play out as far as family members you care about, ok.

There are a million python libraries and tools to do some overlapping subset of the things you'd want to do with a pdf.

There are no doubt another million in other languages.

These are each basically bundles of some of the transformations you'd want to make to the same underlying data structure.

So, complex pdf scripts often need two or three different libraries to get their thing done, which is wasteful at borh a dev effort and computational level.

The ecosystem would be greatly improved if someone made a great (probably rust based) in-memory low level pdf reading and writing data structure.

PDF libraries in any language could switch to using that structure and library internally, with the carrot that the switch would result in needing less code, and likely being some combination of faster and safer.

And then if they just exposed get_structure_pointer() and set_structure_pointer(), they could all interoperate for free. (Another carrot for joining -- small libraries could usefully add features and be adopted without needing to pick an existing popular library to glom onto.)

Not sure what would economically cause this to happen, but it would be great.

Meanwhile the Supreme Court has granted 16 out of 19 emergency petitions filed by the executive to overturn those rulings, grants that often require shifts in precedent without written reasoning, leading a Justice voting in the minority to describe the Court's current shadow docket practice as "Calvinball."

So (a) they are filing cases (b) they are winning (c) the Supreme Court is giving every indication that the law will be whatever it needs to be to have those cases ultimately lose.

At best a walled garden is collective bargaining -- a group of users (buyers) lock into requiring vendors to negotiate with their representative, and because their business is collectively valuable vendors have to meet higher privacy standards or whatever the users care about, which they couldn't extract if negotiating individually with huge companies like Facebook.

So, Apple will get yelled at whenever it fails to be a good agent in collective bargaining -- either by excluding quality vendors and driving up their costs, or by including low-quality vendors. Either one gives up the benefits to users of the walled garden.

An index of reliable apps is, you know, fine. An index with a business structure that ensures better collective bargaining gets interesting.

[1] https://en.wikipedia.org/wiki/Fingerprint

Minesweeper is more like a quirky old wooden board game, charming because it's always been what it is, warts and all.

It's been below 300 ppm for at least the last 800,000 years, had now increased to over 400 ppm in a pattern that directly maps to the industrial revolution, radiocarbon dating traces the carbon in the atmosphere to "old" carbon like that from fossil fuels, and the known sources of human emissions adequately explain the increase.

Did you measure subjective fatigue as one way to explain the misperception that AI was faster? As a developer-turned-manager I like AI because it's easier when my brain is tired.

After a short google, I think it does not have reproducible builds for Mac, Windows, or iOS. It does for Linux and Android, though there's a long Android bug thread that sounds like the reproduction test script is typically broken.

(Not a binary -- ground truth is available enough for AI to be useful to lots of programmers.)

Not really the point of the article, but, does it? This[0] says the bed is 60 inches long and 43 wide, and plywood is 96x48 inches. Is it like, any vehicle fits plywood if you cut it to the size of the truck or stack it on top?

[0] https://www.thedrive.com/news/the-slate-truck-is-two-feet-sh...

Crypto makes large technical sacrifices for the sake of being harder to regulate. I don't think that's a desirable quality for insurance and mortgages.

Funny, I also work on academic sites (much smaller than arXiv) and we're looking at moving from AWS to bare metal for the same reason. The $90/TB AWS bandwidth exit tariff can be a budget killer if people write custom scripts to download all your stuff; better to slow down than 10x the monthly budget.

(I never thought about it this way, but Amazon charges less to same-day deliver a 1TB SSD drive for you to keep than it does to download a TB from AWS.)

Specifically the core design principal is you have to be comfortable with any possible combination of things your agent can do with its tools, not only the combination you ask for.

If your agent can search the web and can access your WhatsApp account, then you can ask it to search for something and text you the results -- cool. But there's some possible search result that would take over its brain and make it post your WhatsApp history to the web. So probably you should not set up an agent that has MCPs to both search the web and read your WhatsApp history. And in general many plausibly useful combinations of tools to provide to agents are unsafe together.