Hacker News: msdz

New comment by msdz in "GitHub's Fake Star Economy"

msdz — Mon, 20 Apr 2026 09:34:17 +0000

> I look at the starts when choosing dependencies, it's a first filter for sure.

Unfortunately I still look at them, too, out of habit: The project or repo's star count _was_ a first filter in the past, and we must keep in mind it no longer is.

> Good reminder that everything gets gamed given the incentives.

Also known as Goodhart's law [1]: "When a measure becomes a target, it ceases to be a good measure".

Essentially, VCs screwed this one up for the rest of us, I think?

[1] https://en.wikipedia.org/wiki/Goodhart%27s_law

New comment by msdz in "TinyLoRA – Learning to Reason in 13 Parameters"

msdz — Wed, 01 Apr 2026 16:24:06 +0000

This got me thinking, and it might actually even be a comparable amount. Let's estimate 12 years of schooling run at minimum $100,000 per student, at least in the US [1], and then add onto that number whatever else you may do after that, i.e. a bunch more money if paid (college) or "unpaid" (self-taught skills and improvements) education, and then the likely biggest portion for white-collar workers, yet hard-to-quantify, in experience and "value" professional work will equip one with.

Now divide the average SOTA LLM's training cost (or a guess, since these numbers aren't always published as far as I'm aware) by the number of users, or if you wanted to be more strict, the number of people it's proven to be useful for (what else would training be for), and it might not be so far off anymore?

Of course, whether it makes sense to divide and spread out the LLMs' costs across users in order to calculate an "average utility" is debatable.

[1] https://www.publicschoolreview.com/average-spending-student-...

New comment by msdz in "Axios compromised on NPM – Malicious versions drop remote access trojan"

msdz — Tue, 31 Mar 2026 18:50:55 +0000

Personally I've heard Odin [1] to do a decent job with this, at least from what I've superficially learned about its stdlib and included modules as an "outsider" (not a regular user). It appears to have things like support for e.g. image file formats built-in, and new things are somewhat liberally getting added to core if they prove practically useful, since there isn't a package manager in the traditional sense. Here's a blog post by the language author literally named "Package Managers are Evil" [2]

(Please do correct me if this is wrong, again, I don't have the experience myself.)

[1] https://pkg.odin-lang.org/

[2] https://www.gingerbill.org/article/2025/09/08/package-manage...

New comment by msdz in "What young workers are doing to AI-proof themselves"

msdz — Mon, 23 Mar 2026 20:46:23 +0000

The difference is that the work a contracted tradesperson will do is typically under some sort of guarantee, e.g. typically 2 years on work done in your home (up to 5 for bigger construction etc. type work), at least here in Germany… which you don’t (need to) factor in when DIY-ing.

New comment by msdz in "Show HN: Sonar – A tiny CLI to see and kill whatever's running on localhost"

msdz — Fri, 20 Mar 2026 21:49:08 +0000

> that they're unable to [manage and] kill child processes they themselves spawn makes it seem like they have zero clue about what they're doing.

Yeah, at the bare minimum these projects could also use something like portless[1] which literally maps ports to human- (and language model-)readable, named .localhost URLs. Which _should_ heavily alleviate assignment of processes to projects and vice versa, since at that point, hard-to-remember port numbers completely leave the equation. You could even imagine prefixing them if you've got that much going on for the ultimate "overview", like project1-db.localhost, project1-dev.localhost, etc.

[1] https://port1355.dev/

New comment by msdz in "Kagi Translate now supports LinkedIn Speak as an output language"

msdz — Tue, 17 Mar 2026 12:49:12 +0000

Felt an instant urge to nuke your comment if I could. Excellent work.

New comment by msdz in "A GitHub Issue Title Compromised 4k Developer Machines"

msdz — Fri, 06 Mar 2026 13:08:49 +0000

Interesting article you’ve linked. I’m not sure I agree, but it was a good read and food for thought in any case.

Work is still being done on how to bulletproof input “sanitization”. Research like [1] is what I love to discover, because it’s genuinely promising. If you can formally separate out the “decider” from the “parser” unit (in this case, by running two models), together with a small allowlisted set of tool calls, it might just be possible to get around the injection risks.

[1] Google DeepMind: Defeating Prompt Injections by Design. https://arxiv.org/abs/2503.18813

New comment by msdz in "Relicensing with AI-Assisted Rewrite"

msdz — Thu, 05 Mar 2026 09:27:09 +0000

They’d probably get the farthest, but they won’t pursue that because they don’t want to end up leaking the original data from training. It is possible in regular language/text subsets of models to reconstruct massive consecutive parts of the training data [1], so it ought to be possible for their internal code, too.

[1] https://arxiv.org/abs/2601.02671

New comment by msdz in "Show HN: Emdash – Open-source agentic development environment"

msdz — Sun, 01 Mar 2026 10:00:39 +0000

> CLIs themselves are getting good at [agent coordination] natively

But that's not provider-agnostic, which you mentioned earlier as one selling point of Emdash. :-)

Not-so-unrealistic use case, IMO: What if I want my orchestrator model to be, for example, ran locally due to some form of privacy concerns?

New comment by msdz in "Don't trust AI agents"

msdz — Sat, 28 Feb 2026 16:18:31 +0000

I agree, this is inherently unsafe. The two core security issues for agents, I’d say, are in LLMs not producing a “deterministic” outcome, and prompt injection.

Prompt injection is _probably_ solvable if something like [1] ever finds a mainstream implementation and adoption, but agents not being deterministic, as in “do not only what I’ve told you to do, but also how I meant it”, all while assuming perfect context retention, is a waaay bigger issue. If we ever were to have that, software development as a whole is solved outright, too.

[1] Google DeepMind: Defeating Prompt Injections by Design. https://arxiv.org/abs/2503.18813

New comment by msdz in "Kagi releases alpha version of Orion for Linux"

msdz — Fri, 23 Jan 2026 13:03:43 +0000

On the other hand, that one same engine would then be under near-full control of a single company (Google), with all the disadvantages a monopoly usually brings.

New comment by msdz in "Kagi releases alpha version of Orion for Linux"

msdz — Fri, 23 Jan 2026 13:01:23 +0000

I'm not the founder nor Kagi employee, just a customer, but

> Can you describe or offer any insight into the "significant IP" that you need to protect and defend?

The novel IP is having implemented and still implementing the browser APIs necessary for both Firefox and Chromium extensions to work in a Safari (Webkit)-based browser. See [1] for the significant progress.

> What threats from a larger company are you primarily concerned about?

Integrating said functionality themselves to offer another viable iOS browser, which Kagi is currently the only [2] offerer of (or another viable macOS/future Linux/Windows browser, although more than one exist there already).

[1] https://docs.google.com/spreadsheets/d/14IgSRVop4psUTgtLZlvY... (via: https://help.kagi.com/orion/misc/technical.html)

[2] Unless the EU steps up, all iOS browsers will continue to have to be Webkit-based with minimal, lackluster extension support. Not viable for anything beyond the most basic of use cases.

New comment by msdz in "CEOs to Keep Spending on AI, Despite Spotty Returns"

msdz — Wed, 17 Dec 2025 03:04:01 +0000

Regarding your first paragraph, I've even talked with people who go out of their way to actively _avoid_ said product after encountering AI-generated advertising. So that'll probably continue to have an effect for as long as average people with good eyes can still distinguish "AI"/generative media from "real"/traditional footage.

New comment by msdz in "I'm a Tech Lead, and nobody listens to me. What should I do?"

msdz — Tue, 16 Dec 2025 17:45:48 +0000

As has been stated above, I’m guessing in this specific example it would’ve been due to the rather strict labor laws, which I’m not going to comment my opinion on, just to clarify/explain: Here (Germany), you can basically not fire someone if your company has >10 full-time employees, and they’re not actively misbehaving (or under trainee/probationary status). Yep, this statement means exactly what it reads.

So I’m guessing that’s the reason for this “passive firing” method.

New comment by msdz in "Dotter: Dotfile manager and templater written in Rust"

msdz — Wed, 10 Sep 2025 22:45:26 +0000

In addition to that, chezmoi templating can be used to fill in environment variables like secret keys, you just need to unlock rbw or whatever other password manager it is that you use. I have some that I export in my shell config, and this setup allows me to have the repo in a public place and not worry about who finds it.

New comment by msdz in "Show HN: Term.everything – Run any GUI app in the terminal"

msdz — Wed, 10 Sep 2025 22:33:39 +0000

It's like a more generalized browsh[1].

[1] https://www.brow.sh/

New comment by msdz in "Kite News"

msdz — Thu, 10 Jul 2025 12:09:57 +0000

It's existed for months by now, and has been usable for nearly as long. I'd say you can decide if you need extra fluff like native apps or further "polishing" at this point.

New comment by msdz in "Chrome achieves highest score ever on Speedometer 3, saving users millions of"

msdz — Thu, 05 Jun 2025 17:19:50 +0000

> Actual cpu/memory performance of a given task, or some real world measure

Take a look at what the Speedometer 3 test suite includes.

I still chuckled at Bloatscore, though.

New comment by msdz in "Vim Language, Motions, and Modes Explained (2023)"

msdz — Thu, 24 Apr 2025 12:30:18 +0000

As someone familiar with Helix, I’m curious. Could you elaborate on this?

Because I’m not disagreeing with your point, I’m actually not getting it in the first place. How does jumping around affect your selection count? Which motion(s) are you performing that larger quantities of text are getting "selected" in the first place?

New comment by msdz in "Kagi Assistant is now available to all users"

msdz — Fri, 18 Apr 2025 07:33:23 +0000

While I'm aware this is a case of "you're holding it wrong" – !translate should do the trick. And that's not an excuse for not having better detection for when an info box should exist, because they do have them, especially for, but not limited to the WolframAlpha integration stuff. (For example, a friend and fellow user was awed when searching "internet speed test" and saw it integrated, no idea if Google has that too though).

Other than that, make sure your region/locale is set correctly (I'm not getting the metric petaton, for example), and for everything else, they have an excellent feedback forum for suggestions/bug reports.