Hacker News: somesortofthing

New comment by somesortofthing in "The IBM-ification of Google?"

somesortofthing — Fri, 22 May 2026 00:45:26 +0000

Not the article's main point but I've never liked the "google killing products" complaints. People always talk about how big companies fail because they're unwilling to take risks and just recommit to their areas of strength, but this is what risk-taking looks like - you blast out products, see what sticks, and kill what doesn't. People who think it's a quality product won't be wary of whether it'll get killed - the quality itself is insurance against that. How many DAUs would stadia or hangouts or even reader have today?

New comment by somesortofthing in "The American Rebellion Against AI Is Gaining Steam"

somesortofthing — Tue, 19 May 2026 04:45:01 +0000

I think AI companies have actually broadly adopted the right strategy. There's no way to sugarcoat or hide that your company's pitch is "your salary is our TAM, btw our product is so powerful it might cause human extinction". Deploying as widely as possible while steamrolling opposition before it can get its bearings is the only viable option for the technology as they describe it.

New comment by somesortofthing in "Frontier AI has broken the open CTF format"

somesortofthing — Sun, 17 May 2026 04:21:32 +0000

I have no experience in the CTF scene so I'm curious - why not lean in and design the puzzles with an AI harness like the one top teams use in the loop and use the(presumably) expert skills of the designers to patch up the holes until the AI can't find them? Do you just end up designing ~perfectly secure systems that no human can break without finding monetizable 0days?

New comment by somesortofthing in "Software engineering may no longer be a lifetime career"

somesortofthing — Mon, 11 May 2026 19:30:46 +0000

Agent-assisted programming is fundamentally the skill of directing and supervising agents. I don't see any reason to believe that working a job where you direct and supervise agents will make you any worse at directing and supervising agents long term.

New comment by somesortofthing in "Simulacrum of Knowledge Work"

somesortofthing — Thu, 30 Apr 2026 03:06:25 +0000

It's bad code, but it's not pretending to be better than it is.

New comment by somesortofthing in "Simulacrum of Knowledge Work"

somesortofthing — Sun, 26 Apr 2026 09:36:36 +0000

I find AI code usually looks worse than it actually is. It's overly verbose, confusing, and littered with fallbacks that mean that if something goes wrong it falls through a million layers of try/catch and moves the stack trace somewhere completely unrelated to where the error actually happened, but in terms of the actual functionality it works much better than any similar-looking code written by a human would.

New comment by somesortofthing in "Do I belong in tech anymore?"

somesortofthing — Sat, 25 Apr 2026 05:42:54 +0000

Obviously the author's experience is a nightmare but what was this place like pre-AI? I have a hard time believing people who are this willing to hand over all of their thinking to LLMs were doing anything productive beforehand.

New comment by somesortofthing in "Claude Opus 4.7 Model Card"

somesortofthing — Thu, 16 Apr 2026 17:57:24 +0000

They contain broad overviews(throw some disease-causing bacteria in a sort of rainbow arrangement of increasingly more effective antibiotics, you'll usually get something that's at least very deadly even if it doesn't have pandemic potential) but executing in a real lab takes a ton of trial and error to figure out the details. The issue is that the details ~all exist somewhere in the training dataset already, discovered and documented over the course of unrelated, benign biology research. Ability to quickly and accurately search over that corpus translates to large speedups in the physical development process.

New comment by somesortofthing in "Cybersecurity looks like proof of work now"

somesortofthing — Wed, 15 Apr 2026 21:23:53 +0000

Another asymmetric advantage for defenders - attackers need to burn tokens to form incomplete, outdated, and partially wrong pictures of the codebase while the defender gets the whole latest version plus git history plus documentation plus organizational memory plus original authors' cooperation for free.

New comment by somesortofthing in "Cybersecurity looks like proof of work now"

somesortofthing — Wed, 15 Apr 2026 21:10:43 +0000

There's still the question of access to the codebase. By all accounts, the best LLM cyber scanning approaches are really primitive - it's just a bash script that goes through every single file in the codebase and, for each one and runs a "find the vulns here" prompt. The attacker usually has even less access than this - in the beginning, they have network tools, an undocumented API, and maybe some binaries.

You can do a lot better efficiency-wise if you control the source end-to-end though - you already group logically related changes into PRs, so you can save on scanning by asking the LLM to only look over the files you've changed. If you're touching security-relevant code, you can ask it for more per-file effort than the attacker might put into their own scanning. You can even do the big bulk scans an attacker might on a fixed schedule - each attacker has to run their own scan while you only need to run your one scan to find everything they would have. There's a massive cost asymmetry between the "hardening" phase for the defender and the "discovering exploits" phase for the attacker.

Exploitability also isn't binary: even if the attacker is better-resourced than you, they need to find a whole chain of exploits in your system, while you only need to break the weakest link in that chain.

If you boil security down to just a contest of who can burn more tokens, defenders get efficiency advantages only the best-resourced attackers can overcome. On net, public access to mythos-tier models will make software more secure.

New comment by somesortofthing in "Saying goodbye to Agile"

somesortofthing — Wed, 15 Apr 2026 06:05:31 +0000

Traditional design doc review processes aren't perfect but I'll take them over Radical Ticket Anarchy any day of the week.

New comment by somesortofthing in "Saying goodbye to Agile"

somesortofthing — Wed, 15 Apr 2026 05:35:48 +0000

What does "writing specs" here actually mean? Every agile project I've ever worked on has had a design doc that laid out architecture, the basic shape of contracts, dependencies and so on. In fact, the agile artifacts(tickets, estimates, epics etc.) have always been downstream of a design doc source-of-truth. A project where all the work comes directly from tickets with no overarching, agreed-upon document on what the end goal is supposed to be sounds hellish.

New comment by somesortofthing in "The cult of vibe coding is dogfooding run amok"

somesortofthing — Mon, 06 Apr 2026 20:20:41 +0000

"Wildly successful but unpolished product first-to-market with a new technology gets dethroned by a competitor with superior execution" is a story as old as tech.

New comment by somesortofthing in "The threat is comfortable drift toward not understanding what you're doing"

somesortofthing — Mon, 06 Apr 2026 00:06:49 +0000

There definitely is but even then, you can get a feel for a loop for more open-ended tasks too - you move forward until the model output starts to look handwavy/contradictory, then pause to talk to it/consult outside sources to improve your own knowledge. Most "fuzzy" fields also have quantitative components, and it's often worth stopping for a moment to put together some kind of quantitative evaluation suie to give the model grounding. When you've learned the right path yourself, you start moving forward again. It's for sure slower and more error-prone if you were already an expert when you started, but it's workable, and head-and-shoulders better than what you could do without the AI.

New comment by somesortofthing in "The threat is comfortable drift toward not understanding what you're doing"

somesortofthing — Sun, 05 Apr 2026 22:48:09 +0000

I used to feel this way but... honestly, I've found that pressing on with only a vague understanding of what's happening and then diving deep with the agent's own help if it keeps making bad decisions leads to more output of comparable quality. Even without a deep understanding of the topic, you can usually tell when the LLM is BSing and you need to intervene. The model has much more knowledge "present-at-hand" than it'll actually apply to a given implementation, so you can substantially deepen your understanding with minimal reference to external resources by just taking a break from implementation to have a convo with it.

I'm sure this approach breaks down at the very frontiers of highly technical fields but... virtually all work, even work by educated professionals, happens outside that area anyway. On well-trodden ground, you can improve at supervising agents by doing things that test your ability to supervise agents.

New comment by somesortofthing in "Vulnerability research is cooked"

somesortofthing — Tue, 31 Mar 2026 00:10:11 +0000

Am I wrong in thinking that an "exploits are free" environment massively favors the defender? Given that real-world exploits usually chain 0days, the attacker has to find the whole chain while the defender only needs to fix the weakest link.

The defender also gets to make the first move by just putting a "run an agent to find vulns" step in their CI pipeline. If LLMs truly make finding exploits free, almost no LLM-findable exploits will ever make it into the codebase.

The only way break the equilibrium is still going to be a smart researcher capable of finding exploits that the commoditized tools alone can't.

New comment by somesortofthing in "SkillsBench: Benchmarking how well agent skills work across diverse tasks"

somesortofthing — Tue, 17 Feb 2026 00:18:14 +0000

I interpreted it as "Allowing the LLM to add skills to itself as it completes a task doesn't provide a meaningful improvement over just letting it reason normally", which seems to be what the paper is fundamentally getting at.

New comment by somesortofthing in "Show HN: GitHub "Lines Viewed" extension to keep you sane reviewing long AI PRs"

somesortofthing — Mon, 16 Feb 2026 19:21:49 +0000

Makes same-origin requests to github's frontend to fetch info about line counts(line count figures are only sometimes loaded into app state) - that's the only network calls it makes.

New comment by somesortofthing in "Show HN: GitHub "Lines Viewed" extension to keep you sane reviewing long AI PRs"

somesortofthing — Sun, 15 Feb 2026 18:46:09 +0000

https://github.com/dfialkov/pr-lines-viewed

New comment by somesortofthing in "Show HN: GitHub "Lines Viewed" extension to keep you sane reviewing long AI PRs"

somesortofthing — Sun, 15 Feb 2026 02:12:37 +0000

I'm reviewing PRs I wrote myself. Valid concern in a real org though.