Yes, that is a "best practice" and good internet hygiene is to never click on email and text message urls but the reason they like clicking on legitimate email urls is convenience and usability. A helpful email link directly lands them on the relevant website page to do whatever they need to do. That's because the email url has a long string query parameters (id, etc) that automatically navigates to the correct webpage.

On the other hand, to do it the "best practice" way, it requires clicking around a confusing website menus and drilling several layers deep to find whatever issue the email is talking about.

A helpful email url link bypasses the hassle of learning whatever flavor-of-the-month confusing UI the website designer happened to to use.

Hang around old people and watch over the shoulder how they use computers and you become sympathetic to how the make it work for them.

E.g. An order status email has a URL link of a UPS tracking number to monitor shipping status. But don't click on that! Instead, copy the 1Z... number to the buffer. Then open a web browser and type in the ups.com url. Then paste the number into the text box. Those copy&paste mechanics not too difficult on desktop (Ctrl+C Ctrl-V) but it is much more difficult on mobile phones (double taps or long press and hold).

That was a simple example. The more complicated one is email from health and medical companies with confusing websites. They'd rather just click on the email url.

That advice is fine for the technically savvy but doesn't work for a lot of normal people who don't have the knowledge to mentally parse urls.

  https://getsupport.apple.com/customer?cvid=8c11bcc71f684b6ab405d4fa1e86c146
  https://getsupport.apple.com.phish.xyz/customer?cvid=8c11bcc71f684b6ab405d4fa1e86c146

I work with senior citizens and tried to explain how to parse the domain in the URL by looking for the first forward "/" after the "https://" and then scan backwards but they find that mental algorithm confusing and those instructions don't stick. (This is actually an area where some AI on phones/desktops could assist people decipher urls or mark them as suspicious.)

The other problem with that advice is people can't "whitelist" the legitimate domains to look for because they don't know ahead-of-time what they are. E.g.:

- An Amazon verification email will be sent from "account-update@amazon.com". It's intuitive to predict something coming from "@amazon.com" so a mental whitelist filter works in that case.

- However, State Farm Insurance legitimate login verification codes are actually sent from "noreply@sfauthentication.com" instead of the expected "@statefarm.com"

The gp asked a reasonable question. Your admonition about making money is misplaced because your assumption about it being a hobby is incorrect.

The website was developed by Flighty LLC. To answer the gp's question: Although the website itself doesn't have direct monetization, it acts as "inbound marketing" for the paid iOS app. Clicking on "Download Flighty" takes the user to the Apple App Store:

  In-App Purchases
  Week-to-Week Flighty Pro         $4.99
  Annual Savings Flighty Pro      $59.99
  Month-to-Month Flighty Pro       $9.99
  Annual Savings (Family Plan)   $119.00
  Lifetime Flighty Pro           $299.00
  Flexible Monthly (Family Plan)  $15.99
  Week-to-Week Flighty Pro         $4.99
  Week-to-Week Flighty Pro         $7.99
  Pro Family Lifetime            $449.00
  Annual Savings Flighty Pro      $59.99

It's not just a $5/month VPS. Some cursory googling says Flighty gets data from the FlightAware Firehose api which costs a lot of money. The cost would exceed the financial resources of most people to make an equivalent free hobby website. (https://www.flightaware.com/commercial/firehose/documentatio...)

mpv doesn't run on iPad so it's better for my situation to just burn the blackout into a new video. I actually do a lot more stuff than drawvg (also rescale, pts, framerate,etc) in filter_complex but left the rest of it out for the HN comment so the example is more readable.

I suppose it might be possible to use mpv with a custom shader mask glsl code to blackout circular areas of the screen.

>you sure can crop the video

Cropping the video is straightforward with no information loss when the geometry of presentation and the speaker is laid out like these: https://www.youtube.com/@MeetingCPP/videos

But cropping the following video by shrinking the boundaries of the rectangle until the circle overlay is not visible would result in too much of the text being cut off: https://www.youtube.com/watch?v=nUxuCoqJzlA

Scrub that video timeline to see the information that would be chopped off. For that, it's better to cover up only the circle overlay with a blacked out disc.

My main use case is modifying youtube videos of tech tutorials where the speaker overlays a video of themselves in a corner of the video. drawvg is used to blackout that area of the video. I'm sure some viewers like having a visible talking head shown on the same screen as the code but I find the constant motion of someone's lips moving and eyes blinking in my peripheral vision extremely distracting. Our vision is very tuned into paying attention to faces so the brain constantly fighting that urge so it can concentrate on the code. (A low-tech solution is to just put a yellow sticky know on the monitor to cover up the speaker but that means you can't easily resize/move the window playing the video ... so ffmpeg to the rescue.)

If the overlay was a rectangle, you can use the older drawbox filter and don't need drawvg. However, some content creaters use circles and that's where drawvg works better. Instead of creating a separate .vgs file, I just use the inline syntax like this:

  ffmpeg -i input.webm -filter_complex "[0:v]drawvg='circle 3388 1670 400 setcolor black fill'[v2];[0:a]atempo=1.5[a2]" -map "[v2]" -map "[a2]" output.mp4

(The author of the drawvg code in the git log appears to be the same as the author of this thread's article.)

[1] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/016d767c8e9d...

Unfortunately, music lyrics are protected by copyrights so your site of King Crimson lyrics would not be authorized unless you paid for a license. The music publisher may not expend the effort to have a lawyer send you a "Cease & Desist" letter to make you take it down because your personal website is small fish but they wouldn't ignore a popular website that tried to show all lyrics for free with no ads.

The legitimate ongoing licensing costs from Gracenote/Lyricfind for their catalogs of millions of song lyrics will cost significantly more than the hosting bill. The cost is beyond the resources of typical hobbyists who like to share information for free.

EDIT: I have no idea what the downvotes are about. If you think my information about lyrics licensing is incorrect, explain why. Several decades ago, volunteers were sharing guitar tabs for free on the internet and that also got shut down by the music publishers because of copyright violations. Previous comment about that: https://news.ycombinator.com/item?id=24598821

As someone who uses wired earphones exclusively and must use those USB-C adapters you suggest, it's not quite "just as easy" because there are several problems:

- it's an extra $10 dongle to buy and potentially lose. I've lost several of them over the years

- adds more mechanical stress to the USB-C jack. The office Apple USB-C 3.5mm adapter protrudes out from the phone and I've had several close calls with the wire getting snagged on a door knob which can damage the USB-C port. I've never been comfortable with this Rube-Goldberg dongle contraption that adds more risk to damaging a $1000 phone. It's a fear I never had with the built-in 3.5mm jack on my old iPhone 5. There are 3rd-party right-angle USB-C to 3.5mm on Amazon (including magnetic ones) but the ones I tried interfere with phone cases and they don't sound as good. (Apparently Apple uses a more premium DAC chip in their USB-C adapter.)

- can't simultaneously charge the phone while listening unless you buy a different USB-C adapter that has both 3.5mm input and a USB-C passthrough charging port. These are bulkier.

- it's an extra dongle that's easy to forget. I once got on a transatlantic flight and realized that I forgot my USB-C earphone adapter at home. I panicked and dreaded the idea of nothing to listen to for 8 hours but I was luckily saved by a friend that didn't need to use hers and let me borrow it. Why can't I just leave the USB-C dongle connected to the 3.5mm 100% of the time so there's nothing to forget?!? Because I often need to connect the earphones to things that don't need the adapter.

With all those drawbacks, I still use the USB-C adapters because I have to. But it has definitely made life more complicated.

There's a spectrum of decentralized <--> centralized for different audiences.

For this tech demographic here where installing some type of p2p or federated discussion tech (Mastodon? Matrix?) is not rocket science, it's more convenient for us to avoid that and just be on a "centralized" HN. I used to be very active on USENET and HN is relatively more centralized than a hypothetical "comp.programming.hackernews" newsgroup. This is not a complaint. It's an observation of our natural preferences and how it aggregates. (Btw, it's interesting that Paul Graham started this HN website but doesn't post here anymore. Instead, he's more active on Twitter. He's stated his reasons and it's very understandable why.)

For the phpBB forums where a lots of non-tech people discuss hobbies such as woodworking, guitar gear, etc., the decentralization perspective is the php forums and the centralization is towards big platforms such as reddit / Discord / Facebook Groups.

I see similar decentralized --> centralized trends in blogs. John Carmack abandoned his personal website and now posts on centralized Twitter.

My overall point is that a lot of us techies wish the general public would get enlightened about decentralization but that's unrealistic when we don't follow that ideal ourselves. We have valid reasons for that. But it does a create a cognitive dissonance and/or confusion as to why the world doesn't do what we think they should do.

EDIT add reply: >Wouldn't comp.programming.hackernews concentrate discussion under a single heading and also be hosted from a single specific computer?

Usenet is more decentralized/federated: https://en.wikipedia.org/wiki/Usenet#:~:text=Usenet%20is%20t...

If a layman is unfamiliar that "private credit" is about business debts, and therefore only has intuition via previous exposure to "private X" to guess what it might mean, it's not unreasonable to assume it's about consumer loans.

"private insurance" can be about retail consumer purchased health insurance outside of employer-sponsored group health plans

"private banking" is retail banking (for UHNW individuals)

But "private credit" ... doesn't fit the pattern above because "private" is an overloaded word.

The above includes us highly technical people on HN. We really can't expect (or lecture) the normal mainstream population to make a cultural change to adopt decentralized tech when most of us don't do it ourselves.

E.g. Most of us don't want to self-host our public git repo. Instead, we just use centralized Github. We have the technical knowledge to self-host git but we have valid reasons for not wanting to do it and willingly outsource it to Github. (Notice this thread's Show HN about decentralized social networking has hosted its public repo on centralized Github.)

And consider we're not on decentralized USENET nodes discussing this. Instead, we're here on centralized HN. It's more convenient. Same reason technical folks shut down their self-hosted PHP forum software and migrate to centralised Discord.

The reason can't be reduced to just "people being lazy". It's about tradeoffs. This is why it's incorrect to think that futuristic scenarios of a hypothetical easy-to-use "internet appliance" (possibly provided by ISP) to self-host email/git/USENET/videos/etc and a worldwide rollout out IPv6 to avoid NAT will remove barriers to decentralization.

The popular essay "Protocols Not Platforms" about the benefits of decentralization often gets reposted here but that doesn't help because "free protocols" don't really solve the underlying reasons centralization keeps happening: money, time, and motivation to follow the decentralized ethos.

"But you become a prisoner of centralized services!" -- True, but a self-hosted tech stack for some folks can also be a prison too. It's just a different type. To get "freedom" and escape the self-hosted hassles, they flee to centralized services!

>Thats what the second chance pool is for

>Creating a new URL with effectively the same info but further removed from the primary source is not good HN etiquette.

I'm going to respectfully disagree with all the above and thank the submitter for this article. It is sufficiently different from the primary source and did add new information (meta commentary) that I like. The title is also catchier which may explain its rise to the front page. (Because more of us recognize "Github" than "Cline").

The original source is fine but it gets deep into the weeds of the various config files. That's all wonderful but that actually isn't what I need.

On the other hand, this thread's article is more meta commentary of generalized lessons, more "case study" or "executive briefing" style. That's the right level for me at the moment.

If I was a hacker trying to re-create this exploit -- or a coding a monitoring tool that tries to prevent these kinds of attacks, I would prefer the original article's very detailed info.

On the other hand, if I just want some highlights that raises my awareness of "AI tricking AI", this article that's a level removed from the original is better for that purpose. Sometimes, the derived article is better because it presents information in a different way for a different purpose/audience. A "second chance pool" doesn't help a lot of us because it still doesn't change the article to a shorter meta commentary type of article that we prefer.

The thread's article consolidated several sources into a digestible format and had the etiquette of citations that linked backed to the primary source urls.

The tool depends on hardware detection. From https://github.com/AlexsJones/llmfit?tab=readme-ov-file#how-... :

  How it works
  Hardware detection -- Reads total/available RAM via sysinfo, counts CPU cores, and probes for GPUs:

  NVIDIA -- Multi-GPU support via nvidia-smi. Aggregates VRAM across all detected GPUs. Falls   back to VRAM estimation from GPU model name if reporting fails.
  AMD -- Detected via rocm-smi.
  Intel Arc -- Discrete VRAM via sysfs, integrated via lspci.
  Apple Silicon -- Unified memory via system_profiler. VRAM = system RAM.
  Ascend -- Detected via npu-smi.
  Backend detection -- Automatically identifies the acceleration backend (CUDA, Metal, ROCm, SYCL, CPU ARM, CPU x86, Ascend) for speed estimation.

To implement your idea so it's only a website and also workaround the Javascript limitations, a different kind of workflow would be needed. E.g. run macOS system report to generate a .spx file, or run Linux inxi to generate a hardware devices report... and then upload those to the website for analysis to derive a "LLM best fit". But those os report files may still be missing some details that the github tool gathers.

Another way is to have the website with a bunch of hardware options where the user has to manually select the combination. Less convenient but then again, it has the advantage of doing "what-if" scenarios for hardware the user doesn't actually have and is thinking of buying.

(To be clear, I'm not endorsing this particular github tool. Just pointing out that a LLMfit website has technical limitations.)

The complaint about "code nobody understands" because of accumulating cognitive debt also happened with hand-written code. E.g. some stories:

- from https://devblogs.microsoft.com/oldnewthing/20121218-00/?p=58... : >Two of us tried to debug the program to figure out what was going on, but given that this was code written several years earlier by an outside company, and that nobody at Microsoft ever understood how the code worked (much less still understood it), and that most of the code was completely uncommented, we simply couldn’t figure out why the collision detector was not working. Heck, we couldn’t even find the collision detector! We had several million lines of code still to port, so we couldn’t afford to spend days studying the code trying to figure out what obscure floating point rounding error was causing collision detection to fail. We just made the executive decision right there to drop Pinball from the product.

- and another about the Oracle RDBMS codebase from https://news.ycombinator.com/item?id=18442941

(That hn thread is big and there are more top-level comments that talk about other ball-of-spaghetti projects besides Oracle.)

It can be about both meanings. The additional meanings of democratize to describe "more accessible" are documented in Oxford and Merriam-Webster dictionaries:

https://www.encyclopedia.com/humanities/dictionaries-thesaur...

https://www.merriam-webster.com/dictionary/democratic#:~:tex...

Fyi... Apple News+ subscribers don't get the full subscription to all the participating publications. This means a subset of articles and/or partial articles (teasers) that require extra payment to get past a paywall to read the rest of the story. This surprises some people.

https://forums.macrumors.com/threads/why-dont-i-see-full-art...

https://en.wikipedia.org/wiki/C%2B%2B11#Features_removed_or_...

https://en.wikipedia.org/wiki/C%2B%2B17#Removed_features

https://en.wikipedia.org/wiki/C%2B%2B20#Removed_and_deprecat...

https://en.wikipedia.org/wiki/C%2B%2B23#Removed_features_and...

Not sure what forums software you're thinking of but vBulletin, phpBB, Discourse don't have the extra features the author is looking for.

He wrote: >Many of these make heavy use of Discord's voice channels, video chat, and screensharing. These servers have a hard requirement for adequate moderation tools for dealing with any bad actor willing to join the community. [...] Decent Mobile Experience [...]

A lot of admins shut down the forums software and moved to Discord because it didn't have the modern features they wanted. So to migrate off of Discord requires an alternative that duplicates most of what makes Discord valuable. That's what the topic admins wish for but the current options don't give them that.

>otherwise irc, bluesky, matrix

Author analyzed the IRC and Matrix deficiencies as not being acceptable.

For application file formats that require storing binary blob data such as images, bitmaps, etc , many in the industry have settled on "SQLite db as a file format": (https://www.sqlite.org/appfileformat.html)

Examples include Mozilla Firefox using sqlite db for favicons, Apple iOS using sqlite to store camera photos, Kodi media player uses sqlite for binary metadata, Microsoft Visual C++ IDE stores source code browsing data in sqlite, etc.

Sqlite db would usually be a better choice rather than binary blobs encoded as Base64 and being stuffed into json.gzip files. One of the areas where the less efficient gzipped JSON might be better than Sqlite is web-server-to-web-browser data transfers because the client's Javascript engine has builtin gzip decompress and JSON manipulation functions.

People don't need any UNIX biases to just want multiple versions of MSVS to work the way Microsoft advertises. For example, with every new version of Visual Studio, Microsoft always says you can install it side-by-side with an older version.

But every time, the new version of VS has a bug in the install somewhere that changes something that breaks old projects. It doesn't break for everybody or for all projects but it's always a recurring bug report with new versions. VS2019 broke something in existing VS2017 installs. VS2022 broke something in VS2019. etc.

The "side-by-side-installs-is-supposed-to-work-but-sometimes-doesn't" tradition continues with the latest VS2026 breaking something in VS2022. E.g. https://github.com/dotnet/sdk/issues/51796

I once installed VS2019 side-by-side with VS2017 and when I used VS2017 to re-open a VS2017 WinForms project, it had red squiggly lines in the editor when viewing cs files and the build failed. I now just install different versions of MSVS in totally separate virtual machines to avoid problems.

I predict that a future version VS2030 will have install bugs that breaks VS2026. The underlying issue that causes side-by-side bugs to re-appear is that MSVS installs are integrated very deeply into Windows. Puts files in c:\windows\system32, etc. (And sometimes you also get the random breakage with mismatched MSVCRT???.DLL files) To avoid future bugs, Microsoft would have to re-architect how MSVS works -- or "containerize" it to isolate it more.

In contrast, gcc/clang can have more isolation without each version interfering with each other.

I'm not arguing this thread's msvcup.exe tool is necessary but I understand the motivations to make MSVS less fragile and more predictable.