
My management chain has recently mandated the use of AI during day-to-day work, but also went the extra step to mandate that it make us more productive, too. Come annual review time, we need to write down all the ways AI made our work better. That positive outcome is pre-supposed: there doesn't seem to be any affordance for the case where AI actually makes your work worse or slower. I guess we're supposed to ignore those cases and only mention the times it worked.

It's kind of a mirror image of the global AI marketing hype-factory: Always pump/promote the ways it works well, and ignore/downplay when it works poorly.


I recently heard a US journalist/author named Chris Hedges say something to the effect that the US has the symbols, the iconography and the language of a democracy, but internally, corporates and oligarchs have seized all the levers of power, and that it is reminiscent of the end of the Roman Empire. He also went on to distinguish between corporates and oligarchs, claiming that the two political camps in the US actually represent these two sides (rather than democracy vs. fascism or socialism).

Update from USCIS: https://www.uscis.gov/sites/default/files/document/memos/H1B...

"Clarification" from Press Secretary: https://x.com/PressSec/status/1969495900478488745

1.) This is NOT an annual fee. It’s a one-time fee that applies only to the petition.

2.) Those who already hold H-1B visas and are currently outside of the country right now will NOT be charged $100,000 to re-enter.

H-1B visa holders can leave and re-enter the country to the same extent as they normally would; whatever ability they have to do that is not impacted by yesterday’s proclamation.

3.) This applies only to new visas, not renewals, and not current visa holders.

It will first apply in the next upcoming lottery cycle.


For anyone subjected to these, they usually contain the header X-PHISHTEST which you can create a filter for, and then either send them to trash or put them in a special folder so you can report them later.

"The hollowing out of the middle class in the US isn't because of immigrants, it's because of a sustained campaign by capital to reduce the power of labor over the last 50-odd years and to concentrate wealth as best they can."

Creating low cost alternatives and taking advantage of lax laws is part of that. If you can import 100k skilled workers per year under a scheme that gives you more power over them. Then you also offshore 300k jobs per year to countries with weaker protections.

It's always baffled me how the same candidates that claim to be pro labor and pro environment are also pro globalization. The way it plays out is that the jobs are just offshored to jurisdictions that lack the same labor and environmental protections.


>Numerous studies show that reading is in free-fall. Even the most pessimistic twentieth-century critics of the screen-age would have struggled to predict the scale of the present crisis.

Marshall McLuhan, the media theorist, began his academic career as a scholar of Medieval history, but his attention soon turned to the Gutenberg press and the rise of literacy (over 3 centuries), and how it changed the way we think. He then applied his theories to radio, film, TV etc.

In the 1960s McLuhan was invited to tour the skunkworks at IBM, Xerox Parc, and Bell Labs where they were working on the early iterations and basic building blocks of what would become the internet we know today.

They showed him their vision for "Peer to peer electronic media", and McLuhan applied his theory of media to the not-yet-realized notion of social media.

He definitely saw it as something that would bring a death knell to the literary age, and recognized that social media was inherently tribalistic. According to McLuhan we would all be "marching to the beat of the tribal drums". And that brings us to today, wherein America is officially under the spell of state sponsored tribalism, and reading in the literary sense no longer holds court as the driver of our discourse and thinking.

The dude skated to the puck a good 30 years before it arrived, and he was extremely pessimistic. Mark Zuckerberg has claimed to be a McLuhan fan, but if he actually understands what McLuhan was saying, that's scary:

https://www.pbs.org/newshour/world/amnesty-report-finds-face...


According to Wikipedia, Soviet Russia promoted literacy specifically to make propaganda more effective

> After the 1917 Bolshevik Revolution, Anatoly Lunachersky, the Soviet People's Commissariat for Education made a conscious effort to introduce political propaganda into Soviet schools, particularly the labour schools that had been established in 1918 under the Statute on the Uniform Labour School.[20] These propaganda pamphlets, required texts, and posters artistically embodied the core values[21] of the Soviet push for literacy in both rural and urban settings, namely the concept espoused by Lenin that "Without literacy, there can be no politics, there can only be rumors, gossip and prejudice."[22] This concept, the Soviet valuing of literacy, was later echoed in works like Trotsky's 1924 Literature and Revolution, in which Trotsky describes literature and reading as driving forces in the forging of a New Soviet Man.[23]

From https://en.wikipedia.org/wiki/Likbez

Soviet Russia also obviously killed people in large numbers if they disagreed with the party line, starting immediately after the revolution. If you kill people who disagree with you while promoting specific state-approved propaganda then literacy is indeed not enough.

That's why free speech and in particular the freedom to criticize and disagree with the government is fundamental.

What matters is that (1) people are able to read, (2) people are free to read what they want, and (3) people have access to cheap nonfiction reading material that is likely to be true and accurate. You can attack at any of these points and reduce the ability of literacy to prevent dictatorship.


I think the most optimistic future we could hope for now is some kind of Star Wars like future where incredible technology could be all around us but the vast majority of people do not participate much in its creation or maintenance, so the technology just becomes part of nature and we see people use it in illogical or anachronistic ways, because they don’t know any better. Life becomes something like the Middle Ages but with shiny tech instead of iron and stone. People can’t read because they just talk to their interfaces or communication devices. Most people have menial subsistence type jobs. And ruling over everything is some vast empire that is cartoonishly evil, because the people running it are as simple minded as the people they govern.

>With books, some small amount of people read difficult works while most people read beach lit. With phones, some small amount of people are learning at rates never possible before, while most people consume Tik Tok.

Same with gen-AI. A small amount of people have become autodidacts like never before, while others just use it to replace their own reasoning capabilities, which atrophy as a result. I know someone who self-taught graduate-level math courses using ChatGPT as a personal tutor, and I can confirm they actually learned the material well. I also know college students for whom gen-AI wrote every single word of every assignment.

Any social collapse will be caused by technology further accentuating this bifurcation. The exponential increase of information readily available to us, whether gold or slop, means that the motivated will get exponentially smarter and knowledgeable while the less-motivated get exponentially more distracted, which will lead to unprecedented levels of social inequality.


1080p is 2K. The value of the "K" coefficient is determined by the x axis, not the y axis. That's why 4K is 3840x2160.

16K = 15360x8640

8K = 7680x4320

4K = 3840x2160

2K = 1920x1080

1K = 960x540

(Every value is a doubling of the tier below it, or in the case of "1K" a halving.)


> Obsidian has a low number of dependencies compared to other apps in our category

Whataboutism. Relative comparisons don't address absolute risk. I checked three random packages: prism pulls 22, remark pulls 51, pixijs 179! So that's 250+ transitive dependencies just from those.

> Features like Bases and Canvas were implemented from scratch instead of importing off-the-shelf libraries. This gives us full control over what runs in Obsidian.

Full control? There are still hundreds of dependencies.

> This approach keeps our dependency graph shallow with few sub-dependencies. A smaller surface area lowers the chance of a malicious update slipping through.

Really? Again, this is just one package: https://npmgraph.js.org/?q=pixijs

> The other packages help us build the app and never ship to users, e.g. esbuild or eslint.

Build tools like esbuild don't ship to users, but a compromised build tool can still inject malicious code during compilation. This is supply chain security 101.

> All dependencies are strictly version-pinned and committed with a lockfile

Version pinning is, I would hope, standard practice in any professional development team years and years ago. It prevents accidental updates but doesn't stop compromised existing versions.

> When we do dependency updates, we: > [snip]

While these practices are better than nothing, they don't fundamentally address the core issue.

> That gap acts as an early-warning window: the community and security researchers often detect malicious versions quickly

According to whom? Heartbleed, a vulnerability in a package with far more scrutiny than a typical npm module took what, 2 years to be found? The "community detection" assumption is flawed.

I'm not trying to put Obsidian down here - I sympathize, aside from implementing everything themselves, what can they do! I'm trying to point out that while their intent is good, this is a serious problem and their solution is not a solution.

Of course, it's the same in any project with dependencies. It's the same in other languages as well - if they have a convenient package manager. Like Rust and Cargo.

This problem came with the convenience of package managers and it should be fixed there, not by every application like Obsidian. I'm not sure how but maybe once a package is starting to become popular, additional security measures must be put in place for the author to be able to continue to commit to it. Signing requirements, reproducible builds, 2fa, community reputation systems, who knows.

Individual applications can't solve supply chain security through wishful thinking and version pinning.

Package managers need to solve this at the infrastructure level through measures like mandatory code signing, automated security auditing, dependency isolation, or similar system level approaches.

Obsidian's practices are reasonable given the current tooling limitations, but they don't eliminate the fundamental risks that the package managers bring to modern dependency ecosystems.


Going to preface this post by saying I use and love Obsidian, my entire life is effectively in an Obsidian vault, I pay for sync and as a user I'm extremely happy with it.

But as a developer this post is nonsense and extremely predictable [1]. We can expect countless others like it that explain how their use of these broken tools is different and just don't worry about it!

By their own linked Credits page there are 20 dependencies. Let's take one of those, electron, which itself has 3 dependencies according to npm. Picking one of those electron/get has 7 dependencies. One of those dependencies got, has 11 dependencies, one of those cacheable-request has 7 dependencies etc etc.

Now go back and pick another direct dependency of Obsidian and work your way down the dependency tree again. Does the Obsidian team review all these and who owns them? Do they trust each layer of the chain to pick up issues before it gets to them? Any one of these dependencies can be compromised. This is what it means to be a supply chain attack: you only have to quietly slip something into any one of these dependencies to have access to countless critical user data.

[1] https://drewdevault.com/2025/09/17/2025-09-17-An-impossible-...
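The tree walk that the two comments above do by hand (direct dependency, then its dependencies, and so on) can be computed from an npm lockfile. This is an added example, not part of either comment or of Obsidian's code: the lockfile is a constructed sample whose versions and edges are invented, and the function names are hypothetical.

```javascript
'use strict';

// Constructed sample in npm lockfileVersion 3 layout. Package names echo the
// chain walked in the comment; versions and edges are invented for illustration.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': {
      name: 'demo-app',
      dependencies: { electron: '1.0.0' },
      devDependencies: { esbuild: '1.0.0' },
    },
    'node_modules/electron': { dependencies: { '@electron/get': '1.0.0' } },
    'node_modules/@electron/get': { dependencies: { got: '1.0.0', debug: '1.0.0' } },
    'node_modules/got': { dependencies: { 'cacheable-request': '1.0.0' } },
    'node_modules/cacheable-request': { dependencies: { debug: '2.0.0' } },
    'node_modules/cacheable-request/node_modules/debug': {},
    'node_modules/debug': {},
    'node_modules/esbuild': { dev: true },
  },
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Node-style lookup inside the lockfile: try the requiring package's own
// node_modules first, then each ancestor's, ending at the top level.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (has(packages, candidate)) return candidate;
    if (!base) return null; // e.g. an optional dependency that was not installed
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Every package reachable from startPath, excluding startPath itself.
function transitiveClosure(packages, startPath) {
  const seen = new Set();
  const stack = [startPath];
  while (stack.length) {
    const path = stack.pop();
    const entry = packages[path];
    const deps = { ...entry.dependencies, ...entry.optionalDependencies };
    for (const name of Object.keys(deps)) {
      const target = resolve(packages, path, name);
      if (target && !seen.has(target)) {
        seen.add(target);
        stack.push(target);
      }
    }
  }
  seen.delete(startPath); // a dependency cycle can lead back to the start
  return seen;
}

// One row per direct dependency: how many packages it drags in, and whether
// it ships at runtime or only runs at build time (still code you execute).
function dependencyReport(lock) {
  const packages = lock.packages;
  const root = packages[''];
  const report = [];
  for (const [field, kind] of [['dependencies', 'runtime'], ['devDependencies', 'build']]) {
    for (const name of Object.keys(root[field] || {})) {
      const path = resolve(packages, '', name);
      if (!path) continue;
      const closure = transitiveClosure(packages, path);
      report.push({ name, kind, transitive: closure.size, packages: [...closure].sort() });
    }
  }
  return report;
}

console.log(JSON.stringify(dependencyReport(sampleLock), null, 2));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.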


There's a key missing piece to this puzzle: being informed about _why_ you're updating and what the patches are.

Nobody has time to read source code, but there are many tools and services that will tell you brief summaries of release notes. Npm Audit lists security vulnerabilities in your package versions for example.

I do adopt the strategy of not updating unless required, as updates are not only an attack vector, but also an extremely common source of bugs that I'd prefer to avoid.

But importantly I stay in the loop about what exploits I'm vulnerable to. Packages are popping up with vulnerabilities constantly, but if it's a ReDoS vulnerability in part of the package I definitely don't use or pass user input to? I'm happy to leave that alone with a notice. If it's something I'm worried another package might use unsafely, with knowledge of the vulnerability I can decide how important it is, and if I need to update immediately, or if I can (preferably) wait some time for the patch to cook in the wild.

That is the important thing to remember about security in this context: it is an active, continuous, process. It's something that needs to be tuned to the risk tolerance and risk appetite of your organisation, rather than a blanket "never update" or "always update" - for a well-formed security stance, one needs more information than that.


A reminder, if you dislike the liquid glass look, that going into System settings / Accessibility / Display and toggling “Increase contrast” gets you a properly nice design with actual borders and solid backgrounds. 100% recommended.

The cost of ignorance won't be felt for at least a decade or two, and by then it will be somebody else's problem. Or at least that is what the people making the decisions are hoping.

All: if you can't respond in a non-violent way, please don't post until you can.

By non-violent I mean not celebrating violence nor excusing it, but also more than that: I mean metabolizing the violence you feel in yourself, until you no longer need to express it aggressively.

The feelings we all have about violence are strong and fully human and I'm not judging them. I believe it's our responsibility to each carry our own share of these feelings, rather than firing them at others, including in the petty forms that aggression takes on an internet forum.

If you don't share that belief, that's fine, but we do need you to follow the site guidelines when commenting here, and they certainly cover the above request. So if you're going to comment, please make sure you're familiar with and following them: https://news.ycombinator.com/newsguidelines.html.


Good point. Has me thinking: In any field, over time, there's R&D for it to become more effective. How this progression might apply to marketing:

1. Printed ads, newspapers, billboards, magazines -- You can explain your product and show a picture of what it looks like to demonstrate the value to customers

2. Television ads, black and white -- We can demonstrate the value to customers so well!

3. Wait a minute, if we put music in the TV ads, the songs get stuck in peoples' heads, this is good for our brand

4. Color TV Ads -- We have all the previous benefits but can get more attention with color!

5. We can target regional TV ads in different parts of the country!

6. Oh, we can target any ad based on demographics on social media? This will be effective

7. Ok, now we want to keep targeting ads, but we're gonna A/B test multiple versions of the ads in real time to maximize effectiveness

8. Ok, I need to maximize effectiveness of this ad, let me generate an AI mockup of the product I'm selling to create an illusion of the lifestyle my brand represents

My point is, marketing has been optimized over time and will continue to optimize for profit in the future, and the result has been a divergence in the actual goal of marketing: We've gone from "Demonstrate the value of our product" to "Create an illusion of our lifestyle".


It's profitable to let two sides of a topic run ads.

After the pressure from the outcome of election influencing, there seemed to be new rules come in place.

For other topics? Not so sure. Maybe it's something to look at before it has an election type response.

There's parallels to this I suspect in other industries affecting the world.


You are being reflexively downvoted, but I am not certain as to why. The assessment strikes me as accurate. Few corps I worked for were willing to go on a limb 'for a cause'. The exceptions were smaller companies where owner had a much bigger say and could effectively align goals with their beliefs.

Corporations are picking the side that's in power. If team blue is in power they would pick blue. Corporations are (usually) not moral or inherently politically motivated other than to the extent of optimizing short term shareholder value.

Option four: It is all part of a deliberate strategy.

The principles of propaganda are well established. Edward Bernays clearly described how to plant ideas and influence public opinion a hundred years ago (https://en.wikipedia.org/wiki/Propaganda_(book)). The only thing that has changed is the speed and intensity of communication.


The extreme flip-flopping of the major tech companies provides a few small possibilities that don't paint a good picture no matter how you look at it:

- They never believed in progressive causes, and were just siding with what they believed was the social majority. (and so when they perceive the social majority has changed, they immediately follow and would follow _any_ social majority.)

- They don't agree with the current anti-progressive social movement (ie, they still hold their old beliefs) but none of them have any backbone whatsoever, and are getting in line with virtually no resistance or fight.

- All the tech company CEOs just happened to be radicalized at the exact same time.

I'm sure that #1 is the most reasonable answer, although perhaps there's a dash of #3 in there. In any case, you'd have to question whether a party-in-power (from a social movement perspective) wouldn't just encourage this trend when _they_ were the ones winning.


Ads are propaganda. Propaganda is Ads. Ads = propaganda. Propaganda is a tool to persuade people. Are ads an attempt to persuade people?

So is it news that people are using ads/propaganda to persuade people? No. Will Google, Facebook, Amazon or Apple do anything that will harm their revenue as propaganda platform? No.

Do Google, Facebook, Amazon and Apple use propaganda? Yes.

This is like reading an article about how weapons from weapon companies are being weaponized.


This article brings up important questions about digital influence in wartime, but it's hard to ignore how one-sided the framing is when it comes to Israel.

There's barely a mention of the October 7 massacre, where over 1,200 Israelis were murdered and hundreds taken hostage; some of them are children. That’s the context behind Israel’s messaging. Leaving that out gives a very distorted picture of why these campaigns exist in the first place.

The article criticizes Israel for running ads that target UNRWA, but completely skips the fact that more than a dozen UNRWA staff were accused of actively participating in the massacre and holding hostages. That allegation was serious enough for countries like the US, Germany, the UK, and Australia to suspend their funding. That’s not “disinformation,” that’s a real international response.

There’s also zero mention of Hamas’s own propaganda operations. No discussion of how they use Telegram, TikTok, or social platforms to push graphic and often fake content to manipulate global opinion. If we're talking about the weaponization of information, how is that not relevant?

Instead, the article spends thousands of words dissecting Israel’s side while ignoring everything else. It presents only one narrative and wraps it in a moral argument that conveniently excludes key facts and context.

A fair critique would examine how all sides are using digital tools in modern conflicts, not just the one the author disagrees with politically. Otherwise, it’s not an analysis. It’s just a well-written piece of propaganda in itself.


Finally, my time has come! A topic I'm both very passionate about and have a lot of experience with.

> As a result, domestic technology firms like Naver and Kakao have cornered the market for mapping services, making navigation harder for foreign visitors unfamiliar with their platforms.

Oh no! Poor tourists have to download a different map app! Such inconvenience and hardship! It's the opposite. Whenever I go abroad and get to use a local app instead of a FAANG monstrosity, it's usually a delight.

And there is no better example than Maps. Even without knowing a lick of Korean, the discerning HN reader will immediately spot the difference in degree of enshittification with the two local market leaders [1]. Google Maps? Massive space to 3 companies that clearly paid the most for ads. I can't emphasize just how random the companies are, there's no other reason than ads that those are shown. The pictured area is tourist heavy, so plenty of Google Maps users. And dozens and dozens of establishments even just in the screenshot with 100x+ the visitors, including Google Maps searches, than the 3 companies that do get their own name and icon.

Everything else is a grey mess, unusable. Public transit, metro lines? Never heard of them. Different types of streets? Colors that make sense and increase readability? Nope. Why? Again, go make the ads stand out more.

And unfortunately this is unrelated to Korea - Google Maps is this awful anywhere, as a result of being a monopolistic ads company. Such a prime example of why they need to be broken up.

The local map apps in Korea, Naver Maps and Kakao Maps, are the poster child of just how good it is for a society to protect themselves against the FAANGs. 50 million people get to use a much better navigation app thanks to it. In addition, it creates jobs and keeps all related revenue inside the country. Win-win-win. The only one who loses out is Google, and the few tourists who can't be bothered to install a local app (available in multiple languages, by the way). Even for those, it's not like Google Maps is banned; it's definitely functional. It has the public transit, it has the restaurants and so on.

[1] https://ibb.co/hJkL3xRY


Stolen cryptocurrency is a sure thing because fraudulent transactions can't be halted, reversed, or otherwise recovered. Things like a random dev's API and SSH keys are close to worthless unless you get extremely lucky, and even then you have to find some way to sell or otherwise make money from those credentials, the proceeds of which will certainly be denominated in cryptocurrency anyway.

The nx supply chain attack via npm was the bullet many companies did not dodge. I mean, all you needed was to have the VS Code nx plugin installed — which always checked for the latest published nx version on npm. And if you had a local session with GitHub (eg logged into your company’s account via the GH CLI), or some important creds in a .env file… that was exfiltrated.

This happened even if you had pinned dependencies and were on top of security updates.

We need some deeper changes in the ecosystem.

https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7...


This is why when I contract for an early stage startup, I pose the question:

"What if your app went viral and you woke to a $20k cloud bill? $50k? $80k?"

If the answer is anything less than "Hell yeah, we'll throw it on a credit card and hit up investors with a growth chart" then I suggest a basic vps setup with a fixed cost that simply stops responding instead.

There is such a thing as getting killed by success and while it's possible to negotiate with AWS or Google to reduce a surprise bill, there's no guarantee and it's a lot to throw on a startup's already overwhelming plate.

The cloud made scaling easier in ways, but a simple vps is so wildly overpowered compared to 15 years ago, a lot of startups can go far with a handful of digitalocean droplets.


I really don't understand how people given access to a pile of tools and data sources and unleash them on customers. It's horrible UX in my experience and at times worse than a phone tree.

My view is that you need to transition slowly and carefully to AI first customer support.

1. Know the scope of problems an AI can solve with high probability. Related prompt: "You can ONLY help with the following issues."

2. Escalate to a human immediately if it's out of scope: "If you cannot help, escalate to a human immediately by CCing [email protected]"

3. Have an "unlocked agent" that your customer service person can use to answer a question and evaluate how well the agent performs in helping. Use this to drive your development roadmap.

4. If the "unlocked agent" becomes good at solving a problem, add that to the in-scope solutions.

Finally, you should probably have some way to test existing conversations when you make changes. (It's on my TODO list)

I've implemented this for a few small businesses, and the process is so seamless that no one has suspected interaction with an AI. For one client, there's not even a visible escalation step: they get pinged on their phone and take over the chat!


There is no sin in being rich

It is a sin to be poor

There being poor, is the sin of the rich

