<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: ymyms</title><link>https://news.ycombinator.com/user?id=ymyms</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 03 Jul 2026 10:42:28 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=ymyms" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by ymyms in "The Rise of the Bullshittery"]]></title><description><![CDATA[
<p>I was shocked by this as well. I think it's a natural property of large organizations and it takes great effort and great leaders to fight it.<p>The way I think about it is that building something truly successful comes with a tremendous amount of momentum. So much momentum that growth for these companies still occurs.<p>The people hired into a mature organization are literally there just to keep the lights on and let the momentum do its work. They also create and grow their little fiefdoms.<p>You can try and build something and innovate there, but it takes a deeply concerted effort to try and sustain it. Even if something is made wildly successful and is growing 50-100% year over year, it still likely pales in comparison to the 0.005% growth of the large core business.<p>Even if the new innovation is given space to breath, it can be killed at any point by the core business as the fiefdoms look over and say: that should be part of my org, or those resources can be better spent on the core business. So instead of waiting the years it takes for the new, small thing to grow large enough to be important it is easily killed by the parts of the organization just keeping the lights on.</p>
]]></description><pubDate>Tue, 12 May 2026 20:40:25 +0000</pubDate><link>https://news.ycombinator.com/item?id=48114221</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=48114221</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48114221</guid></item><item><title><![CDATA[New comment by ymyms in "The future of everything is lies, I guess: Where do we go from here?"]]></title><description><![CDATA[
<p>There are definitely salient points in the article and I appreciate its value in imploring us to really stop and consider the ramifications of what this technology might deliver. I think the analogy to cars and the unintended consequences for all manner of society is particularly apt.<p>That said, the final point is one I take issue with:<p>> For example, I’ve got these color-changing lights. They speak a protocol I’ve never heard of, and I have no idea where to even begin. I could spend a month digging through manuals and working it out from scratch—or I could ask an LLM to write a client library for me. The security consequences are minimal, it’s a constrained use case that I can verify by hand, and I wouldn’t be pushing tech debt on anyone else. I still write plenty of code, and I could stop any time. What would be the harm?<p>To me, there is no intrinsic value in solving this problem other than rote problem solving reps to make you a better problem solver. There isn't anything fundamental about the protocol they've never heard of that operates the lights. It's likely similar to many other well-thought out protocols in the best case and in the worst case is something slapped together.<p>There are certainly deeper, more fundamental concepts to learn like congestion control algorithms in TCP. Most things in software though are just learning another engineer's preferences for how they thought to build something.<p>I poke at this because if an exercise only yields the benefit of another rep of solving a problem, then it holds less water to me. I personally don't think there will be fewer problems to solve with this technology, just a different sort at a different layer of the stack.</p>
]]></description><pubDate>Fri, 17 Apr 2026 04:22:51 +0000</pubDate><link>https://news.ycombinator.com/item?id=47802432</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=47802432</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47802432</guid></item><item><title><![CDATA[New comment by ymyms in "Ask HN: What Are You Working On? (April 2026)"]]></title><description><![CDATA[
<p>I'm making capability security for distributed systems. The primitives and engine are both open source.
Primitives: <a href="https://github.com/Hessra-Labs/hessra-tokens" rel="nofollow">https://github.com/Hessra-Labs/hessra-tokens</a>
Engine: <a href="https://github.com/Hessra-Labs/hessra-cap" rel="nofollow">https://github.com/Hessra-Labs/hessra-cap</a><p>It's built using biscuits and written in rust. I'm really into it. Using capability security as a model makes building things feel like they snap together a lot more naturally. At least for me.<p>I've also got a blog post describing it in more detail: <a href="https://www.hessra.net/blog/what-problem-led-me-to-capability-security" rel="nofollow">https://www.hessra.net/blog/what-problem-led-me-to-capabilit...</a></p>
]]></description><pubDate>Mon, 13 Apr 2026 05:27:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=47747958</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=47747958</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47747958</guid></item><item><title><![CDATA[New comment by ymyms in "The $100B megadeal between OpenAI and Nvidia is on ice"]]></title><description><![CDATA[
<p>They apparently are working on and are going to release 2(!) different versions of siri. Idk, that just screams "leadership doesn't know what to do and can't make a tough decision" to me. but who knows? maybe two versions of siri is what people will want.</p>
]]></description><pubDate>Sat, 31 Jan 2026 04:06:18 +0000</pubDate><link>https://news.ycombinator.com/item?id=46833348</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46833348</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46833348</guid></item><item><title><![CDATA[New comment by ymyms in "The insecure evangelism of LLM maximalists"]]></title><description><![CDATA[
<p>A human SWE can use an LLM to refactor and reduce some of the debt just as easily too. I think fundamentally, the possible rate of new code and new technical debt introduced by LLMs is much higher than a human SWE. Left unchecked, a human still needs sleep and more humans can't be added with more compute.<p>There's an interesting aspect to the LLM debt being taken on though in that I'm sure some are taking it on now in the bet/hopes that further advancements in LLMs will make it more easily addressable in the future before it is a real problem.</p>
]]></description><pubDate>Wed, 14 Jan 2026 00:37:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=46610756</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46610756</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46610756</guid></item><item><title><![CDATA[New comment by ymyms in "The insecure evangelism of LLM maximalists"]]></title><description><![CDATA[
<p>All code is technical debt though. We can't spend infinite hours finding the absolute minima of technical debt introduced for a change, so it is just finding the right balance. That balance is highly dependent on a huge amount of factors: how core is the system, what is the system used for, what stage of development is the system, etc.</p>
]]></description><pubDate>Wed, 14 Jan 2026 00:31:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=46610710</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46610710</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46610710</guid></item><item><title><![CDATA[New comment by ymyms in "The insecure evangelism of LLM maximalists"]]></title><description><![CDATA[
<p>I also feel like it makes me more productive but measuring software engineering productivity is famously difficult. If there was an easy way to measure it, managers at bigco would have employed it with abandon years ago.</p>
]]></description><pubDate>Wed, 14 Jan 2026 00:22:46 +0000</pubDate><link>https://news.ycombinator.com/item?id=46610624</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46610624</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46610624</guid></item><item><title><![CDATA[New comment by ymyms in "The insecure evangelism of LLM maximalists"]]></title><description><![CDATA[
<p>Huh? Where did I say that's what I like? I'm just trying to discuss for discussion's sake. Personally, I want a world that rewards the people who put their thought, care, and craftsmanship into something more than those that don't. In order to live in that world, I think we need to discuss the parts (maybe the whole) that don't and why that might be.</p>
]]></description><pubDate>Wed, 14 Jan 2026 00:13:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=46610523</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46610523</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46610523</guid></item><item><title><![CDATA[New comment by ymyms in "The insecure evangelism of LLM maximalists"]]></title><description><![CDATA[
<p>I didn't mean to imply LoC as a measurement of productivity. What I really mean is more "amount of useful code produced to a level the human-using-the-llm determines to be useful".<p>To try and give an example, say that you want to make a module that transforms some data and you ask the LLM to do it. It generates a module with tons of single-layer if-else branches with a huge LoC. Maybe one human dev looks at it and says, "great this solves my problem and the LoC and verbosity isn't an issue even though it is ugly". Maybe the second looks at it and says, "there's definitely some abstraction I can find to make this easier to understand and build on top of."<p>Depending on the scenario and context, either of them could be correct.</p>
]]></description><pubDate>Wed, 14 Jan 2026 00:03:51 +0000</pubDate><link>https://news.ycombinator.com/item?id=46610412</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46610412</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46610412</guid></item><item><title><![CDATA[New comment by ymyms in "The insecure evangelism of LLM maximalists"]]></title><description><![CDATA[
<p>My gut says that is not a property of LLM evangelists, but a property of current internet culture in general. People with strong, divisive, and engaging opinions seem to do well (by some definition of well) online.</p>
]]></description><pubDate>Tue, 13 Jan 2026 23:50:57 +0000</pubDate><link>https://news.ycombinator.com/item?id=46610251</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46610251</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46610251</guid></item><item><title><![CDATA[New comment by ymyms in "The insecure evangelism of LLM maximalists"]]></title><description><![CDATA[
<p>I mean, isn't driving the business forward really what matters (outside of academia, open source, and other such endeavors). We live in a hyper competitive market. All else being equal, if company A can produce "millions of lines of slop", constantly living on the knife-edge of disaster but not falling over it, they will beat company B that artificially slows themselves down. Up until the point company A implodes, but that's not necessarily a given if pre-LLM companies are any indication.</p>
]]></description><pubDate>Tue, 13 Jan 2026 23:47:33 +0000</pubDate><link>https://news.ycombinator.com/item?id=46610209</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46610209</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46610209</guid></item><item><title><![CDATA[New comment by ymyms in "The insecure evangelism of LLM maximalists"]]></title><description><![CDATA[
<p>"I find LLMs useful as a sort of digital clerk - searching the web for me, finding documentation, looking up algorithms. I even find them useful1 in a limited coding capacity; with a small context and clear guidelines."<p>I am curious why the author doesn't think this saves them time (i.e. makes them more productive).<p>I never had terribly high output as a programmer. I certainly think LLMs have helped increased the amount of code that I can write, net total, in a year. Not to superhuman levels or even super-me levels, just me++.<p>But, I think the total time spent producing code has gone down to a fraction and has allowed me more time to spend thinking about what my code is meant to solve.<p>I wonder about two things:
1. maybe added productivity isn't going to be found in total code produced, because there is a limit on how much useful code can be produced that is based on external factors
2. do some devs look at the output of an LLM and "get the ick" because they didn't write it and LLM-code is often more verbose and "ugly", even though it may work? (this is a total supposition and not an accusation in any way. i also understand that poorly thought out, overly verbose code comes with problems over time)</p>
]]></description><pubDate>Tue, 13 Jan 2026 23:40:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=46610135</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46610135</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46610135</guid></item><item><title><![CDATA[New comment by ymyms in "The Vietnam government has banned rooted phones from using any banking app"]]></title><description><![CDATA[
<p>Heh yeah, my comment does kinda scream credit card. What I really mean is something programmable for narrow use-cases like multiple forms of payments, transit, or other stuff like building access.</p>
]]></description><pubDate>Sun, 11 Jan 2026 21:05:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=46580065</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46580065</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46580065</guid></item><item><title><![CDATA[New comment by ymyms in "Ask HN: What are you working on? (January 2026)"]]></title><description><![CDATA[
<p>I'm working on <a href="https://www.hessra.net/" rel="nofollow">https://www.hessra.net/</a><p>We've built a new auth platform with some new identity primitives and capability-style tokens using biscuits.<p>Right now, I'm trying to figure out ways to apply it and am looking into offering integrations with extremely fine-grained access control that wouldn't have it otherwise. So adding a fine-grained access layer in front of stuff like backend-for-frontend (BFF) systems, brownfield stuff with poor auth, or even OAuth stuff that just have really coarse scopes.<p>Are there any integrations out there that people want but the access control is bad for them? I'll build one for you!</p>
]]></description><pubDate>Sun, 11 Jan 2026 20:23:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=46579619</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46579619</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46579619</guid></item><item><title><![CDATA[New comment by ymyms in "The Vietnam government has banned rooted phones from using any banking app"]]></title><description><![CDATA[
<p>I wonder if this makes room in the market for some simpler device for payments. Something like a wearable that you can tap-to-pay and has the signed software attenuation but nothing else so you can't be tracked using GPS.</p>
]]></description><pubDate>Fri, 09 Jan 2026 18:33:46 +0000</pubDate><link>https://news.ycombinator.com/item?id=46557289</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46557289</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46557289</guid></item><item><title><![CDATA[New comment by ymyms in "IBM AI ('Bob') Downloads and Executes Malware"]]></title><description><![CDATA[
<p>You are very on base. In fact, there is a deep conflict that needs to be solved: the non-determinism is the feature of an agent. Something that can "think" for itself and act. If you force agents to be deterministic, don't you just have a slow workflow at that point?</p>
]]></description><pubDate>Thu, 08 Jan 2026 19:05:29 +0000</pubDate><link>https://news.ycombinator.com/item?id=46545035</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46545035</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46545035</guid></item><item><title><![CDATA[New comment by ymyms in "Warren Buffett steps down as Berkshire Hathaway CEO after six decades"]]></title><description><![CDATA[
<p>Driving a car that old puts yourself and others on the road at greater risk due to lack of safety features compared to a modern car. One could argue being able to afford a new car and not buying one to extoll other virtues is neglecting your own and communal good.</p>
]]></description><pubDate>Thu, 01 Jan 2026 09:48:24 +0000</pubDate><link>https://news.ycombinator.com/item?id=46452735</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46452735</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46452735</guid></item><item><title><![CDATA[New comment by ymyms in "Ask HN: What Are You Working On? (December 2025)"]]></title><description><![CDATA[
<p>I'm working on <a href="https://www.hessra.net/" rel="nofollow">https://www.hessra.net/</a><p>It's a full identity and authorization platform targeted for service-to-service use cases. But my focus the last couple months has been to make provisioning identity super easy, and I think I've done that (at least compared to something like SPIRE).<p>So if anybody has CI/CD pipelines, AI agents, edge-functions, or multi-cloud workloads they want to give auditable identity, I can help!</p>
]]></description><pubDate>Sun, 14 Dec 2025 22:58:15 +0000</pubDate><link>https://news.ycombinator.com/item?id=46268028</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46268028</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46268028</guid></item><item><title><![CDATA[New comment by ymyms in "Ephemeral infrastructure: Why short-lived is a good thing"]]></title><description><![CDATA[
<p>Another benefit is that you can provision ephemeral resources with an identity that has an expiration to match the resource’s lifecycle. Then, you don’t need to figure out rotation at all, just redeploy with a newly minted identity included.</p>
]]></description><pubDate>Fri, 05 Dec 2025 17:50:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=46164691</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46164691</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46164691</guid></item><item><title><![CDATA[New comment by ymyms in "The Missing Foundation of Non-Human Identity"]]></title><description><![CDATA[
<p>I’ve been working on an identity/authorization system for machines and kept getting stuck on a basic question: what is machine identity, independent of any one stack (Kubernetes, cloud, OAuth, etc.)?<p>This post proposes a simple model based on where identity originates (self-proven / attested / asserted), what privileges it has at birth, and how it lives over time (disposable vs durable). I’ve also mapped common systems like SSH, SPIFFE/SPIRE, API keys, IoT, and AI agents into it.<p>I’d be very interested in counterexamples, ways this breaks down in real systems, or prior art I’ve missed.</p>
]]></description><pubDate>Fri, 05 Dec 2025 15:31:29 +0000</pubDate><link>https://news.ycombinator.com/item?id=46162593</link><dc:creator>ymyms</dc:creator><comments>https://news.ycombinator.com/item?id=46162593</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46162593</guid></item></channel></rss>