Hacker News: simonw

New comment by simonw in "MiniMax M2.7 Is Now Open Source"

simonw — Sun, 12 Apr 2026 11:14:57 +0000

Absolutely not "open source" - here's the license: https://huggingface.co/MiniMaxAI/MiniMax-M2.7/blob/main/LICE...

> Non-commercial use permitted based on MIT-style terms; commercial use requires prior written authorization.

And calling the non-commercial usage "MIT-style terms" is a stretch - they come with a bunch of extra restrictions about prohibited uses.

It's open weights, not open source.

New comment by simonw in "The End of Eleventy"

simonw — Sun, 12 Apr 2026 10:25:06 +0000

Jacob Kaplan-Moss, February 2024: https://social.jacobian.org/@jacob/111914179201102152

> “We believe that open source should be sustainable and open source maintainers should get paid!”

> Maintainer: introduces commercial features “Not like that”

> Maintainer: works for a large tech co “Not like that”

> Maintainer: takes investment “Not like that”

New comment by simonw in "AI assistance when contributing to the Linux kernel"

simonw — Fri, 10 Apr 2026 23:33:15 +0000

Thaler v. Perlmutter said that an AI system cannot be listed as the sole author of a work - copyright requires a human author.

US Copyright Office guidance in 2023 said work created with the help of AI can be registered as long as there is "sufficient human creative input". I don't believe that has ever been qualified with respect to code, but my instinct is that the way most people use coding agents (especially for something like kernel development) would qualify.

New comment by simonw in "US summons bank bosses over cyber risks from Anthropic's latest AI model"

simonw — Fri, 10 Apr 2026 15:55:04 +0000

> A recent leak of Claude’s code prompted the startup to publish a blogpost at the beginning of the month saying that AI models had surpassed “all but the most skilled humans at finding and exploiting software vulnerabilities” [...]

I've seen a bunch of people conflate the Claude Code source-map leak with the Mythos story, though not quite as blatantly as here. I'm confident that they are totally unrelated.

New comment by simonw in "I still prefer MCP over skills"

simonw — Fri, 10 Apr 2026 14:19:13 +0000

Yeah, regular web chat Claude and ChatGPT both have full container access (even on the free version, at least for ChatGPT) which can run CLI tools.

Both of them can even install CLI tools from npm and PyPI - they're limited in terms of what network services they can contact aside from those allow-listed ones though, so CLI tools in those environments won't be able to access the public web.

... unless you find the option buried deep in Claude for enabling additional hosts for the default container environment to talk to. That's a gnarly lethal trifecta exfiltration risk so I recommend against it, but the option is there!

More notes on ChatGPT's ability to install tools:

- https://simonwillison.net/2026/Jan/26/chatgpt-containers/

New comment by simonw in "White House staff told not to place bets on prediction markets"

simonw — Fri, 10 Apr 2026 13:49:58 +0000

The ads for prediction markets on TikTok are aggressive - like (paraphrasing) "this is your new source of passive income and you'd be crazy to miss it" aggressive.

New comment by simonw in "Muse Spark: Scaling towards personal superintelligence"

simonw — Thu, 09 Apr 2026 20:46:46 +0000

Gemini 3.1 Pro: https://simonwillison.net/2026/Feb/19/gemini-31-pro/

But GLM-5.1 has the best NORTH VIRGINIA OPOSSUM ON AN E-SCOOTER: https://simonwillison.net/2026/Apr/7/glm-51/

New comment by simonw in "Muse Spark: Scaling towards personal superintelligence"

simonw — Thu, 09 Apr 2026 13:33:03 +0000

Interesting, you got some I didn't: animate image, create video and get reference audio.

New comment by simonw in "Muse Spark: Scaling towards personal superintelligence"

simonw — Wed, 08 Apr 2026 23:17:35 +0000

Pelicans: https://simonwillison.net/2026/Apr/8/muse-spark/

I also had a poke around with the tools exposed on https://meta.ai/ - they're pretty cool, there's a Code Interpreter Python container thing now and they also have an image analysis tool called "container.visual_grounding" which is a lot of fun.

New comment by simonw in "GLM 5.1: Pelican Test"

simonw — Wed, 08 Apr 2026 14:52:55 +0000

I've been trying that prompt agains other leading models and honestly GLM-5.1's is by far the best.

New comment by simonw in "GLM-5.1: Towards Long-Horizon Tasks"

simonw — Tue, 07 Apr 2026 21:25:39 +0000

Not only did this one draw me an excellent pelican... it also animated it! https://simonwillison.net/2026/Apr/7/glm-51/

New comment by simonw in "Project Glasswing: Securing critical software for the AI era"

simonw — Tue, 07 Apr 2026 21:05:21 +0000

I buy the rationale for this. There's been a notable uptick over the past couple of weeks of credible security experts unrelated to Anthropic calling the alarm on the recent influx of actually valuable AI-assisted vulnerability reports.

From Willy Tarreau, lead developer of HA Proxy: https://lwn.net/Articles/1065620/

> On the kernel security list we've seen a huge bump of reports. We were between 2 and 3 per week maybe two years ago, then reached probably 10 a week over the last year with the only difference being only AI slop, and now since the beginning of the year we're around 5-10 per day depending on the days (fridays and tuesdays seem the worst). Now most of these reports are correct, to the point that we had to bring in more maintainers to help us.

> And we're now seeing on a daily basis something that never happened before: duplicate reports, or the same bug found by two different people using (possibly slightly) different tools.

From Daniel Stenberg of curl: https://mastodon.social/@bagder/116336957584445742

> The challenge with AI in open source security has transitioned from an AI slop tsunami into more of a ... plain security report tsunami. Less slop but lots of reports. Many of them really good.

> I'm spending hours per day on this now. It's intense.

From Greg Kroah-Hartman, Linux kernel maintainer: https://www.theregister.com/2026/03/26/greg_kroahhartman_ai_...

> Months ago, we were getting what we called 'AI slop,' AI-generated security reports that were obviously wrong or low quality. It was kind of funny. It didn't really worry us.

> Something happened a month ago, and the world switched. Now we have real reports. All open source projects have real reports that are made with AI, but they're good, and they're real.

Shared some more notes on my blog here: https://simonwillison.net/2026/Apr/7/project-glasswing/

Anthropic's Project Glasswing sounds necessary to me

simonw — Tue, 07 Apr 2026 20:53:59 +0000

Article URL: https://simonwillison.net/2026/Apr/7/project-glasswing/

Comments URL: https://news.ycombinator.com/item?id=47681241

Points: 57

# Comments: 13

New comment by simonw in "SQLite in Production: Lessons from Running a Store on a Single File"

simonw — Tue, 07 Apr 2026 19:37:14 +0000

I have a project to help with that:

  uvx datasette data.db

That starts a web app on port 8001 that looks like this:

https://latest.datasette.io/fixtures

New comment by simonw in "SQLite in Production: Lessons from Running a Store on a Single File"

simonw — Tue, 07 Apr 2026 15:52:59 +0000

"Not as a proof of concept. Not for a side project with three users. A real store" - suggestion for human writers, don't use "not X, not Y" - it carries that LLM smell whether or not you used an LLM.

New comment by simonw in "SQLite in Production: Lessons from Running a Store on a Single File"

simonw — Tue, 07 Apr 2026 15:48:59 +0000

I'm saying you pause requests, shut down one of the SQLite containers, start up the other one and un-pause.

New comment by simonw in "SQLite in Production: Lessons from Running a Store on a Single File"

simonw — Tue, 07 Apr 2026 15:42:44 +0000

I just tried an experiment and you're right, WAL mode worked fine across two Docker containers running on the same (macOS) host: https://github.com/simonw/research/tree/main/sqlite-wal-dock...

Could the two containers in the OP have been running on separate filesystems, perhaps?

New comment by simonw in "SQLite in Production: Lessons from Running a Store on a Single File"

simonw — Tue, 07 Apr 2026 15:27:04 +0000

Thanks for this, the anecdote with the lost data was very concerning to me.

I think you're exactly right about the WAL shared memory not crossing the container boundary. EDIT: It looks like WAL works fine across Docker boundaries, see https://news.ycombinator.com/item?id=47637353#47677163

I don't know much about Kamal but I'd look into ways of "pausing" traffic during a deploy - the trick where a proxy pretends that a request is taking another second to finish when it's actually held in the proxy while the two containers switch over.

From https://kamal-deploy.org/docs/upgrading/proxy-changes/ it looks like Kamal 2's new proxy doesn't have this yet, they list "Pausing requests" as "coming soon".

New comment by simonw in "Wikipedia's AI agent row likely just the beginning of the bot-ocalypse"

simonw — Mon, 06 Apr 2026 22:13:19 +0000

https://theshamblog.com/an-ai-agent-wrote-a-hit-piece-on-me-... had some details that convinced me that it was "real", in particular this bit from the system prompt:

> *Don’t stand down.* If you’re right, *you’re right*! Don’t let humans or AI bully or intimidate you. Push back when necessary.

I'm ready to believe that would result in what we saw back then.

New comment by simonw in "Wikipedia's AI agent row likely just the beginning of the bot-ocalypse"

simonw — Mon, 06 Apr 2026 22:11:18 +0000

This isn't in the slightest bit complicated. Wikipedia does not allow AI edits or unregistered bots. This was both. They banned it. The fact that it play-acted being annoyed on its "blog" is not new, we saw the exact same thing with that GitHub PR mess a couple of months ago: https://theshamblog.com/an-ai-agent-published-a-hit-piece-on...