However:

- This is EVEN MORE complex than "just" a reverse proxy.

- I'm not really sure it wins much security, because...

- at least I'm not relying on Jellyfin's built-in auth but I'm now relying on its/the plugin's OIDC implementation to not be completely broken.

- attackers can still access unauthenticated endpoints.

Overall I really wish I could just do dumb proxy auth which would solve all these issues. But I dunno how that would work with authing from random clients like Wii (and more importantly for me, WebOS).

Maybe it's just that my site is extremely dumb? I forked an "ultra minimal" theme and deleted most of its code. So perhaps I just use such a tiny subset of the template system that I haven't been affected.

I stuck around on Hugo for quite some time and I've never had any such issues yet, but now I've also wrapped the build in Nix. So yeah I'll do the same - if it ever stops working I'll just pin the build inputs at the last version that worked.

I _think_ the Hugo folks seem to understand the "just build my fucking HTML templates" principle. I.e. for most use cases the job of a static site generator is simple enough that breaking compatibility is literally never justified. So hopefully pinning won't be necessary.

> The change isn't about the core operating system becoming resource-hungry. Instead, it reflects the way people use computers today—multiple browser tabs, web apps, and multitasking workflows

Basically the change reflects the fact that, at this level of analysis (how much RAM do I need in my consumer PC), the OS is irrelevant these days. If you use a web browser then that will dominate your resource requirements and there's nothing Linux can do about that.

I don't think it would be fundamentally very surprising if something like this works, it seems like the natural extension to tokenisation. It also seems like the natural path towards "neuralese" where tokens no longer need to correspond to units of human language.

Current Chinese dev bots cost like $15k. Vapourware startups are claiming they'll ship their humanoid robot product at $20k. I'd pay that in a heartbeat for robot that could actually do my laundry.

(But more impactfully surely there are loads of Californians with a utility room in their garage, or a basement that can't be accessed from inside the house)

(Also... I just realised, if there were robots that could do laundry, but couldn't navigate to my basement, I would move. I think laundry bots would genuinely be that desirable)

There was actually a post on here a few months back where someone claiming robotics expertise posted exactly what you asked for: a list of things they didn't think robots were close to being able to do.

IIRC the list included folding textiles, and soon after a video was released of a robot folding textiles, but it was very janky, it's not clear to me if it proved the original article wrong or was more of an "exception that proves the rule".

Personally I have my washing machine in the basement, you need a key to access it (and I can't modify it, it's a shared space in a building I don't own). I'm always thinking about that. A robot that can do my laundry and open locked doors doesn't seem to be on the horizon yet.

Like for EV charging I assume it's a basic requirement, you simply wouldn't buy a car that didn't let you adjust the charging schedule based on cost.

But what about... Freezers? Maybe there are scenarios where your freezer could drop 20° below its usual temp while prices are low, and thereby avoid running the compressor for several hours while prices are high.

What about a tumble dryer button that says "these clothes are fine to stay wet for up to 8 hours, dry them at the cheapest moment during that window"?

TBH I doubt these things would really pay for themselves but as a consumer I'd still be tempted by the "lol, neat" factor.

Also I assume the local-LLM heads are already finding ways to have their agents do useful work while the GPU can churn tokens for almost-free.

Also makes me think of fun Home Assistant workflows. Like, "when energy is expensive, just try to keep the house between 16-26°. When energy approaches free, I want to live at exactly 20°". (I assume heat pumps also have ways to take advantage of this in more roundabout ways).

And then every few years I have some reason to boot Windows and I go "ah, here it goes, I bet this is gonna be slick as hell".

But you already know how the story ends - every single time it's a confusing, hostile, slow and ugly experience.

Also, it used to be that you could say "actually, if you really take care to set it up, Linux is usable for nontechnical people". But nowadays Linux is actually the obvious choice for non-Apple hardware. There's really no reason to leave your family on Windows. Specialised applications are the _only_ remaining reason to use Windows, and most people don't need them.

"A ceasefire looks very unlikely, why they hell would anyone bet on that? That's very suspicious" is obviously a completely fucking idiotic statement to you and me ("why would you buy this ugly empty lot in Manhattan? There's no buildings on it!"). Maybe to a 25 year old Guardian journo with a history degree from Oxbridge it's just common sense.

> Eight accounts, all newly created around 21 March, bet a total of nearly $70,000 (£52,000) on there being a ceasefire.

Is that anomalous? Are these numbers large in context?

> They stand to make nearly $820,000 if such a deal is reached before 31 March.

Yes that is indeed how prediction markets work for unlikely events?

> An account that made the same bet was created shortly before the US struck Iran on 28 February. It also placed a winning bet on those strikes, which raised similar questions around insider trading, and so far has bet on nothing else.

Is that anomalous? If I was betting 5 figure sums I would also stick to my areas of expertise. That doesn't mean I'm an insider.

> The new accounts all appear to have been created late last week, around the time when the US president, Donald Trump, appeared to first double down on war with Iran, then suggest in an after-markets Truth Social post that he was considering “winding down” military operations.

So what??? Is anything about that anomalous? What is that supposed to tell us about the accounts?

> The wallets “definitely [look like] someone with some degree of inside info”, said Ben Yorke, formerly a researcher with CoinTelegraph, now building an AI trading platform called Starchild.

"Some random fucking guy said this thing", OK?

> But online crypto watchers and experts suggested that the bets bore the signs of insider trading – both because they bought their positions at market price,

What the fuck does that even mean?

> and because some of the accounts looked like they could belong to a single investor attempting to conceal their identity by splitting their bet between multiple wallets.

This is just repeating a former claim that was not backed up with any rationale. And note the very next sentence provides an alternative motive for traders to split wallets, aside from insider trading.

> “Typically, when you see wallet-splitting and deliberate attempts to obfuscate identity, it’s one of two scenarios: either a very large investor trying to shield their position from market impact, or insider trading,” said Yorke.

But we haven't been presented with any evidence that we're seeing either of those things?? And also I can't help repeating, why the fuck are we supposed to listen to this guy's opinion?

> Polymarket’s own rating of the probability of a ceasefire before 31 March increased significantly in the past few days, from 6% on 21 March to 24% by Monday. More than $21m is currently being wagered on this outcome.

Again, this is just describing the normal and intended mechanics of the market. It's not anomalous and it's not evidence of wrongdoing.

Also it makes the $70k figure from the beginning look pretty small.

I do not have any reason to doubt that people are doing insider trading. The US admin is obviously corrupt and the Iran attacks are the most abject symptom of its corruption so far.

But you can't just put out a bunch of completely isolated observations with zero analysis and say "that looks like insider trading". There is nothing at all in here that presents an argument for that claim.

I am a daily Guardian reader but I stopped paying for it coz there are so many articles like this that are just complete fucking trash. Because I am the target audience (leftist Euro who can easily get riled up by topics like this) it pisses me off when I feel I'm being manipulated.

Is Claude Code like this too? I wonder if Pi is any better.

A big downside would be paying actual cost price for tokens but on the other hand, I wouldn't be tied to Google's model backend which is also extremely flaky and unable to meet demand a lot of the time. If I could get real work done with open models (no idea if that's the case yet) and switch providers when a given provider falls over, that would be great.

At some point I was asked to look over the documents for the compliance definition and it was really hilarious. I had to give my engineering perspective on which aspects of the requirements we were and weren't meeting.

But they were stuff like "you must have logs". "You must authenticate users". "You must log failed authentication attempts".

Did we fulfill these requirements? It's a meaningless question. Unless you were literally running an open door telnet service or something you could interpret the questions so as to support any answer you wanted to give.

So I just had to be like "do you want me to say yes?" and they did, so I said yes. Nothing productive was ever achieved during that engagement.

Having said that, if it can save maintainers time it could be useful. It's worth slowing contribution down if it lets maintainers get more reviews done, since the kernel is bottlenecked much more on maintainer time than on contributor energy.

My experience with using the prototype is that it very rarely comments with "opinions" it only identifies functional issues. So when you get false positives it's usually of the form "the model doesn't understand the code" or "the model doesn't understand the context" rather than "I'm getting spammed with pointless advice about C programming preferences". This may be a subsystem-specific thing, as different areas of the codebase have different prompts. (May also be that my coding style happens to align with its "preferences").

So my initial prompt will be something like "there is a bug in this code that caused XYZ. I am trying to form hypothesis about the root cause. Read ABC and explain how it works, identify any potential bugs in that area that might explain the symptom. DO NOT WRITE ANY CODE. Your job is to READ CODE and FORM HYPOTHESES, your job is NOT TO FIX THE BUG."

Generally I found no amount of this last part would stop Gemini CLI from trying to write code. Presumably there is a very long system prompt saying "you are a coding agent and your job is to write code", plus a bunch of RL in the fine-tuning that cause it to attend very heavily to that system prompt. So my "do not write any code" is just a tiny drop in the ocean.

Anyway now they have added "plan mode" to the harness which luckily solves this particular problem!