<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: ayende</title><link>https://news.ycombinator.com/user?id=ayende</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 17 Jul 2026 07:15:00 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=ayende" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by ayende in "Designing APIs for Agents"]]></title><description><![CDATA[
<p>> Defaults are bad. Agents can be expected to read the documentation, register what good starting values are, and fill them all in, in place.<p>That is pretty bad, when you now need to look at this code, and you have 95% of the output being craft, but sometimes it isn't, and you need to understand the difference between each.<p>A great example of that is:<p><pre><code>    int fd = open("log.txt", O_RDONLY);

</code></pre>
Versus:<p><pre><code>    // 1. Manually build and initialize the Security Attributes structure
    SECURITY_ATTRIBUTES sa;
    sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor = NULL; // Explicitly no custom security descriptor (inherits default)
    sa.bInheritHandle = FALSE;       // Explicitly state this handle cannot be inherited by child processes

    // 2. We need a handle for the template file parameter. 
    // Win32 requires this to be an active file handle opened with GENERIC_READ, or explicitly INVALID_HANDLE_VALUE.
    HANDLE hTemplateFile = INVALID_HANDLE_VALUE; 

    // 3. Now we call CreateFile with every single parameter fully populated
    HANDLE hFile = CreateFile(
        "log.txt",                 // 1. lpFileName: The file we want to open
        GENERIC_READ,              // 2. dwDesiredAccess: Read-only access
        FILE_SHARE_READ,           // 3. dwShareMode: Prevents any other process from writing to it
        &sa,                       // 4. lpSecurityAttributes: Pointer to our explicitly defined struct
        OPEN_EXISTING,             // 5. dwCreationDisposition: Only open if it already exists
        FILE_ATTRIBUTE_NORMAL,     // 6. dwFlagsAndAttributes: Normal file, no special caching or async flags
        hTemplateFile              // 7. hTemplateFile: Passing our explicit invalid handle instead of NULL
    );
</code></pre>
An agent can output the second just as well, sure.
However... which one do you think is better to read or understand?<p>Did you catch the fact that this is blocking concurrent writers? Or that we expected the file to exist?<p>Or what about:<p><pre><code>    HFONT hFont = CreateFont(
        12, 0, 0, 0, FW_NORMAL, TRUE, FALSE, FALSE, 
        DEFAULT_CHARSET, OUT_DEFAULT_PRECIS, CLIP_DEFAULT_PRECIS, 
        DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, "Arial"
    );
</code></pre>
Versus:<p><pre><code>    const char* fontPath = "/usr/share/fonts/truetype/msttcorefonts/arial.ttf";
    FT_New_Face(library, fontPath, 0, &face);
    FT_Set_Pixel_Sizes(face, 0,16  );
</code></pre>
Same thing, but actually understanding what is going on is orders of magnitude different.</p>
]]></description><pubDate>Wed, 15 Jul 2026 22:25:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=48927931</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=48927931</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48927931</guid></item><item><title><![CDATA["Optimizing" Concurrent Regexes]]></title><description><![CDATA[
<p>Article URL: <a href="https://ayende.com/blog/204035-a/optimizing-concurrent-regexes">https://ayende.com/blog/204035-a/optimizing-concurrent-regexes</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=48601510">https://news.ycombinator.com/item?id=48601510</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Fri, 19 Jun 2026 18:21:39 +0000</pubDate><link>https://ayende.com/blog/204035-a/optimizing-concurrent-regexes</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=48601510</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48601510</guid></item><item><title><![CDATA[New comment by ayende in "Anthropic is expanding to Colossus2. Will use GB200"]]></title><description><![CDATA[
<p>Nevertheless, you are still talking about 15B / year - when the initial investment was < 30B.
That investment also probably covers things like power, salaries, etc.<p>So you are still covering all of that.</p>
]]></description><pubDate>Thu, 21 May 2026 11:19:46 +0000</pubDate><link>https://news.ycombinator.com/item?id=48220803</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=48220803</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48220803</guid></item><item><title><![CDATA[The 'Million AI Monkeys' Hypothesis and Real-World Projects]]></title><description><![CDATA[
<p>Article URL: <a href="https://ayende.com/blog/203907-B/the-million-ai-monkeys-hypothesis-real-world-projects?key=76196b00f0e44d7aa5874187133e99c0">https://ayende.com/blog/203907-B/the-million-ai-monkeys-hypothesis-real-world-projects?key=76196b00f0e44d7aa5874187133e99c0</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47178292">https://news.ycombinator.com/item?id=47178292</a></p>
<p>Points: 1</p>
<p># Comments: 0</p>
]]></description><pubDate>Fri, 27 Feb 2026 08:59:33 +0000</pubDate><link>https://ayende.com/blog/203907-B/the-million-ai-monkeys-hypothesis-real-world-projects?key=76196b00f0e44d7aa5874187133e99c0</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=47178292</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47178292</guid></item><item><title><![CDATA[New comment by ayende in "What Does a Database for SSDs Look Like?"]]></title><description><![CDATA[
<p><i>All</i> financial systems don't care about time.<p>Prety much all financial transactions are settled with a given date, not instantly.
Go sell some stocks, it takes 2 days to actually settle. (May be hidden by your provider, but that how it works).<p>For that matter, the ultimate in BASE for financial transactions is the humble check.<p>That is a great example of "money out" that will only be settled at some time in the future.<p>There is a reason there is this notion of a "business day" and re-processing transactions that arrived out of order.</p>
]]></description><pubDate>Sat, 20 Dec 2025 15:48:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=46336982</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=46336982</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46336982</guid></item><item><title><![CDATA[New comment by ayende in "What Does a Database for SSDs Look Like?"]]></title><description><![CDATA[
<p>Committing to NVMe drive <i>properly</i> is <i>really</i> costly. I'm talking using O_DIRECT | OSYNC or fsync here. 
Can be in the order of whole milliseconds, easily. And it is <i>much</i> worse if you are using cloud systems.</p>
]]></description><pubDate>Sat, 20 Dec 2025 15:43:37 +0000</pubDate><link>https://news.ycombinator.com/item?id=46336952</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=46336952</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46336952</guid></item><item><title><![CDATA[New comment by ayende in "Rust GCC backend: Why and how"]]></title><description><![CDATA[
<p>Isn't that very much intentional on the part of GCC?</p>
]]></description><pubDate>Tue, 16 Dec 2025 13:59:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=46288546</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=46288546</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46288546</guid></item><item><title><![CDATA[New comment by ayende in "Indexing 100M vectors in 20 minutes on PostgreSQL with 12GB RAM"]]></title><description><![CDATA[
<p>That suffer from a serious issue<p>You must have the data upfront, you cannot build this in an incremental fashion<p>There is also bo mention on how this would handle updates, and from the description, even if updates are possible, this will degrade over time, requiring new indexing batch</p>
]]></description><pubDate>Sat, 13 Dec 2025 17:22:51 +0000</pubDate><link>https://news.ycombinator.com/item?id=46256177</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=46256177</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46256177</guid></item><item><title><![CDATA[New comment by ayende in "Why is Zig so cool?"]]></title><description><![CDATA[
<p>Not this is explicitly marked as Not Planned</p>
]]></description><pubDate>Sat, 08 Nov 2025 11:03:42 +0000</pubDate><link>https://news.ycombinator.com/item?id=45855831</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45855831</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45855831</guid></item><item><title><![CDATA[New comment by ayende in "The Case Against PGVector"]]></title><description><![CDATA[
<p>> maintenance_work_mem<p>That <i>kills</i> the indexing process, you cannot let it run with limited amount of memory.<p>> How do you think a B+tree gets updated?<p>In a B+Tree, you need to touch log H of the pages.
In HNSW graph - you need to touch literally thousands of vectors once your graph gets big enough.</p>
]]></description><pubDate>Mon, 03 Nov 2025 15:48:55 +0000</pubDate><link>https://news.ycombinator.com/item?id=45800352</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45800352</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45800352</guid></item><item><title><![CDATA[New comment by ayende in "Linux VM without VM software – User Mode Linux"]]></title><description><![CDATA[
<p>Probably avoid zero write optimizations.
This force actual allocation of disk space for the data, instead of pretending to do so.</p>
]]></description><pubDate>Tue, 28 Oct 2025 10:03:50 +0000</pubDate><link>https://news.ycombinator.com/item?id=45730981</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45730981</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45730981</guid></item><item><title><![CDATA[New comment by ayende in "AWS Service Availability Updates"]]></title><description><![CDATA[
<p>Amazon Glacier on the list is a pretty big surprise to me.</p>
]]></description><pubDate>Mon, 13 Oct 2025 21:33:25 +0000</pubDate><link>https://news.ycombinator.com/item?id=45573571</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45573571</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45573571</guid></item><item><title><![CDATA[New comment by ayende in "The email they shouldn't have read"]]></title><description><![CDATA[
<p>That isn't spying. That is called doing code review on a shared depenendcy</p>
]]></description><pubDate>Wed, 08 Oct 2025 21:59:00 +0000</pubDate><link>https://news.ycombinator.com/item?id=45521094</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45521094</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45521094</guid></item><item><title><![CDATA[New comment by ayende in "Improved Gemini 2.5 Flash and Flash-Lite"]]></title><description><![CDATA[
<p>OpenAI, Ollama, DeepSeek all do that.<p>And wanting to programmatically work with the result + allow tool calls is super common.</p>
]]></description><pubDate>Fri, 26 Sep 2025 05:39:16 +0000</pubDate><link>https://news.ycombinator.com/item?id=45383055</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45383055</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45383055</guid></item><item><title><![CDATA[New comment by ayende in "Rails on SQLite: new ways to cause outages"]]></title><description><![CDATA[
<p>Even with very small number of requests - what happens when you have two concurrent ones?</p>
]]></description><pubDate>Fri, 12 Sep 2025 06:26:15 +0000</pubDate><link>https://news.ycombinator.com/item?id=45219191</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45219191</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45219191</guid></item><item><title><![CDATA[AI Agents Security: The on-behalf-of concept]]></title><description><![CDATA[
<p>Article URL: <a href="https://ayende.com/blog/203140-A/ai-agents-security-the-on-behalf-of-concept">https://ayende.com/blog/203140-A/ai-agents-security-the-on-behalf-of-concept</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=45147192">https://news.ycombinator.com/item?id=45147192</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Sat, 06 Sep 2025 06:50:44 +0000</pubDate><link>https://ayende.com/blog/203140-A/ai-agents-security-the-on-behalf-of-concept</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45147192</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45147192</guid></item><item><title><![CDATA[New comment by ayende in "io_uring is faster than mmap"]]></title><description><![CDATA[
<p>This is wrong, because your mmap code is being stalled for page faults (including soft page faults that you have when the data is in memory, but not mapped to your process).<p>The io_uring code looks like it is doing all the fetch work in the background (with 6 threads), then just handing the completed buffers to the counter.<p>Do the same with 6 threads that would first read the first byte on each page and then hand that page section to the counter, you'll find similar performance.<p>And you can use both madvice / huge pages to control the mmap behavior</p>
]]></description><pubDate>Fri, 05 Sep 2025 05:57:35 +0000</pubDate><link>https://news.ycombinator.com/item?id=45135399</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45135399</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45135399</guid></item><item><title><![CDATA[New comment by ayende in "How many HTTP requests/second can a single machine handle? (2024)"]]></title><description><![CDATA[
<p>Another way to do that is to look at the tech empower benchmarks.
It tests on big machines, but you can get > 1 M req/sec across a wide variety of environments.</p>
]]></description><pubDate>Sun, 31 Aug 2025 18:43:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=45085795</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45085795</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45085795</guid></item><item><title><![CDATA[New comment by ayende in "AI models need a virtual machine"]]></title><description><![CDATA[
<p>That is the wrong abstraction to think at. The problem is not _which_ tools you give the LLM, the problem is what action it can do.<p>For example, in the book-a-ticket scenario - I <i>want</i> it to be able to check a few websites to compare prices, and I want it to be able to pay for me.<p>I don't want it to decide to send me to a 37 hour trip with three stops because it is 3$ cheaper.<p>Alternatively, I want to be able to lookup my benefits status, but the LLM should physically <i>not be able to</i> provide me any details about the benefits status of my coworkers.<p>That is the _same_ tool cool, but in a different scope.<p>For that matter, if I'm in HR - I _should_ be able to look at the benefits status of employees that I am responsible for, of course, but that creates an audit log, etc.<p>In other words, it isn't the action that matters, but what is the intent.<p>LLM should be placed in the same box as the user it is acting on-behalf-of.</p>
]]></description><pubDate>Sat, 30 Aug 2025 15:59:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=45075710</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45075710</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45075710</guid></item><item><title><![CDATA[New comment by ayende in "Buypass discontinues issuance of TLS/SSL certificates"]]></title><description><![CDATA[
<p>FWIW, I once got a cease and desist letter because "company-xyz" found that we were using a subdomain "company-xyz.customers.our-service.com".<p>They discovered that because they were monitoring the CT logs.
And they were concerned about trademark issues.
It ended up being one of the teams in "company-xyz" that had opened an account (under the company name, of course).<p>But that is just a small note that people _are_ monitoring those.</p>
]]></description><pubDate>Mon, 25 Aug 2025 21:18:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=45019153</link><dc:creator>ayende</dc:creator><comments>https://news.ycombinator.com/item?id=45019153</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45019153</guid></item></channel></rss>