* From today through June 22, Fable 5 is included on Pro, Max, Team, and seat-based Enterprise plans at no extra cost.

* On June 23, we’ll remove Fable 5 from those plans. Using it after that will require usage credits. If capacity allows, we’ll extend the included window.

* After this point—when sufficient capacity allows us to do so—we aim to restore Fable 5 as a standard part of subscription plans. We intend to do this as quickly as we can.

The "offer, then remove" aspect is a bit eyebrow-raising -- it feels like they are trying to get subscribers to switch to usage-based billing, which makes me wonder if we'll ever get it after that June 22nd window.

I believe people do understand the toll caring about something deeply takes -- but caring about all these things at once, many which you personally can't control, feels more like atlas syndrome or compassion fatigue by the author.

I also find the author a bit all-or-nothing in general. Losing friends because they use AI? Why does the dichotomy have to be so black and white? Can people have moral quandaries about AI while still using it, or does the moral stance always have to be absolute?

Even without collecting events, you can calculate what the abuse is worth to you, even if the math ends up being fuzzier.

At the small platform operator level (one guy running a platform, as this article), the cost can be as simple as "this pisses me off and I have weekends." They can burn forty hours bolting on JA4 fingerprinting and a disposable-email blocklist to stop an abuser whose dollar-EV to them was roughly zero. Looks irrational, and that's exactly the deterrent — abuse pricing assumes a rational counterpart, and a guy who'll overspend his own life-hours out of stubbornness is unpriceable.

At any scale larger than a small operator, you also do get real numbers -- you can't perfectly price reputation, but you can price traffic and ad conversions, operational costs, LTV of customers (and conversion funnel metrics) etc, all of which don't stay still while abuse increases.

> [...] That's why it's worth collecting events before acting: what the account is about, which IP network they use, whether they fake devices, whether there's any warmup prior to registration. Because that's what helps estimate whether your mitigation will actually work, and lets you respond in a balanced manner instead of under- or over-reacting.

Isn't this just a way to estimate exactly how much the 'abuse' is worth to the abusers?

For example -- let's say you offer $100 in free AWS credits by signing up to your platform. Expect a malicious user to eventually come to your platform, realize they can resell those $100 in credits for $50, and start using your platform for their own gain. Unless the mechanisms you add in place to reduce fraud / second sign ups / etc is greater than the value that they are receiving ($50), they will continue.

With sites where the platform is free, the math almost always makes sense for these malicious users to eventually abuse. In this case it was leveraging the email reputation of another domain at no cost to their own (along with the added value of anyone getting phished), but on other sites it's public profiles being used for backlinks / spam, etc.

- My doctor friend does not wanting me pinging them asking for free medical advice every time I get health anxiety

- My chef friend does not want me calling them every time I'm struggling with a recipe

- My author friend does not want to read the 20th draft of my book, in which I've changed perhaps 10% of the content from the last draft

In these, the cost is a tax on the relationship -- relying on someone else too much to the point where it could potentially be impacting _their_ life.

Similarly, there are enough communities out there that are not accommodating -- even if I wanted to get a human answer and/or connect with someone, the interactions themselves can be painful. Do we remember what it was like posting on Stack Overflow? Do we believe Stack Overflow was a one-off outlier?

I also believe human imagination and knowledge shouldn't be bound to the relationships you have around you. What if my social group is small, or diversity of knowledge that my social group has is small? Should I not be able to think and explore an idea because my best alternative would be to contact a professor at a university that 99% of the time will not answer me?

I do believe that many people use AI now instead of learning and connecting -- I know my own programmatic knowledge has weakened now that AI has acted as a superhuman autocorrect. But on the other hand, with the help of AI I've also learned about a ton of things that would have otherwise been unavailable to me -- and I believe has improved me on the whole.

So if I download or get sent "Book.pdf", I'll rename it to how I'll remember it -- "Book Title - Author.pdf", etc.

That being said, I don't think there's any right answer here, it's usually just a matter of time and energy. If I had to enrich every single file I download with a great title / detailed metadata / etc that I'd need to find that file later, that's all I'd do all day.

Stripe _says_ they will handle these type of payments, but more often than not, within roughly a year of implementation you'll get an email from them kicking you off their platform, no matter how vigilant you were, or even if the things you were selling were more rated R than rated X. Source: my own insider knowledge along with colleagues in the space.

For context, I built out Playboy's age verification system, and watched as it hurt conversion (nobody wants to upload an ID to an adult website, who would have thought!). Cryptographic signatures from issuing authorities (DMVs, universities, employers, etc) with selective disclosure (e.g. you don't need to upload your full ID, just the fields that matter) is how verification _has_ to work going forward -- AI can fake documents, but not private keys.

I've been working on this 6 months full time, and implemented all the W3C VC, OpenID4VCI/VP, SD-JWT specifications myself.

Would love to get people's thoughts on it!

1) Humans were never held accountable, really

Outside of a few regulated industries, the worst that happens to an engineer who pushes negligent code is that they get fired. But after that happens, what actually changes? The organizational structure of the company that allowed the employee to push bad code still exists.

2) Humans will still be held accountable

If a human (managing a fleet of AI agents, let's say) ends up deploying bad code to production, they won't be able to point to the AI agent and say "it was them that did it!" -- it will still be the human at the end of the line that is held responsible.

When even Linus Torvalds compliments AI code (ref: https://www.reddit.com/media?url=https%3A%2F%2Fi.redd.it%2Fa...) I think we can say he wouldn't have said that about any junior engineer.

That's not to say it won't ship bugs, but so does any engineer (junior or senior). It's up to you as to what level of tooling you surround the AI with (automated testing / linting / etc), but at the very least it doesn't also hurt to have that set up anyways (automated tests have helped prevent senior devs from shipping bad code too).

I've worked at places where I've trusted everyone on my team to the extent that most PRs got only a quick glance before getting a "LGTM". On the flipside, I've also worked on teams where every person was a different kind of liability with the code that they pushed, and for those teams I implemented every linting / pre-commit / testing tool possible that all needed to pass inspection (including human review) before any code arrived on production.

A year ago, AI was like that latter team I mentioned -- something I had to check, double check, and correct until I was happy with what it produced. Over the past 6 months, it's gotten closer (but still fairly far away) from the former team I mentioned -- I have to correct it about 10% of the time, whereas for most things it gets it right.

The fact that AI produces a much _larger_ volume of code than the average engineer is perhaps slightly concerning, but I don't see it much differently than code at large companies. Does every Facebook engineer review every junior engineer's pull request to make sure bad code doesn't slip in?

That isn't to say I'm for letting AI go wild with code -- but I think if at worse we consider AI to be a junior engineer we need to reign in with static analysis tools / linters / testers etc, we will probably be able to mitigate a lot of the downside.

The first shoe dropped when news websites realized they weren't generating content fast enough. Hard, in depth journalism takes time, but when people want to know something that happened _today_, they don't want to wait a week for all the facts to come out, and so the major websites started losing traffic to websites that churned out articles fast.

The additional benefit of churning out articles was that you could match against more and more long tail keywords, which lead to more traffic and more ability to sell ads. To keep up, many websites dropped quality for speed, and consumers noticed.

The second shoe then to drop was with affiliate marketing -- articles on CNET / Wirecutter etc were already ranking and rating products, so they figured "[...] why shouldn't we get a cut if someone ends up buying a product we recommend"? The challenge then became that consumers couldn't tell the difference between a product that was recommended because it was good, or because the product gave the biggest "kickback" to the website for using the affiliate link. Thus, people that gave "honest" opinions on products (e.g. people asking on Reddit, at least for a while, as the article suggests) became the new source of truth.

The result of this means that these days, if you read a lot of articles on the major tech websites, they feel more like they've been optimized for speed (e.g. churning out an article fast), SEO, and not much else. Many people have talked about how recipie websites are now short story generators more than food instructions, but it's been common for a while where I go to a tech website to read about something I specifically Googled, only for it to feel more like it was written _specifically_ to capture traffic for a keyword, rather than actually solve the issue or question I came into the website with.

The cherry on top is that AI has none of these problems (so far) -- yes, there's some movement on trying to do SEO for AI, and of course ads will eventually come to AI like it has everything else, but currently, you can get the answers you want, described to you exactly how you'd like to hear it -- who wouldn't want that?

E.g. we have stories like Dropbox where HN seemed to be dismissive only to be proven wrong, and there are numerous launches where HN was dismissive and they were proven right, but I'd be more curious when the HN crowd got it right in a positive way.

Perhaps their big bet is that their partnership with Jony Ive will create the first post-phone hardware device that consumers attach themselves with, and then build an ecosystem around that?

So many gems are also still built on sprockets — even when you want to use the “rails” way, you are stuck now with a hodgepodge of JS anyways.

It’s a mess — maybe one day we’ll get it fixed, but don’t pretend it’s not partially rails fault as well.

If I have 99 great interactions with someone, but one REALLY bad interaction (they insult me deeply, or say something irredeemable), that can also sour the whole relationship.

It would be interesting to research commonalities amongst bad interactions -- are there patterns that emerge from certain personality types, politics, etc? What about a few "sour" people that will take any interaction and make it bad regardless of matchup -- if we removed them from the interaction pool, do the stats suddenly adjust quickly?

In my mind this would have big implications for social media sites -- not that all bad interactions need to be quelled, but if you are trying to keep conversations civil, attempt to implement X strategy or Y strategy.