> This is a gigantic effort from Larian, who among all things is still updating its software instead of resting on its own laurels.
What makes this story even better is how it actually came about - this wasn't initially a top-down corporate initiative, but rather a passion project from a single engineer who worked on it after hours. The fact that Larian immediately recognized the value and threw their full support behind it says everything about their culture.
Swen Vincke shared the backstory:
> The story of how this came to be really is one of true passion. The Steam Deck native build was initiated by a single engineer who really wanted a smoother version of the game on Steam Deck and so he started working on it after hours. When we tried it out, we were all surprised by how good it felt and so it didn't take much to convince us to put our shoulders behind it and get it released. It's this type of pure passion for their craft that makes me fall in love with my developers over and over again. Considering myself very lucky to have people like him on my team. Try it out!
They probably would have to get the permission of the engineer to name them publicly. With how the gaming community behaves on social media I wouldn't be surprised if the engineer doesn't want that. Because that could mean death threats for you and your family the next time a subset of the community gets upset with your employer.
Not sure why this is getting downvoted, you are absolutely correct. The unhinged weirdos are still a minority, but less and less ashamed of their own behavior online. No doubt that dev is better off remaining unnamed in this instance.
They may be a minority but they are more empowered than ever. Both by the new owner of Twitter and the current politics in the US.
It’s a shame that large companies like EA/Bethesda/Valve/etc don’t do more to fight against it, instead of cowering and leaving indie devs that are barely surviving to fend this off.
> all of mid/late 2010s online politics was colored by one reviewer giving a favourable game review to a game that some people disliked
That's kind of a twisted interpretation of events. It was coloured by one incel who though he owned the developer of a game and a whole lot of incels who sympathized because they too were owed a vagina by the ones who controlled them. Now it's spread to broader issues and higher levels of politics and is still going.
I remember the start of GamerGate well, it was all people screaming about "ethics in games journalism". But you're obviously right that that it wasn't really about ethics in games journalism, your description is probably a better reflection of the actual psychology of the people involved.
And then there are people, gamers, who were actually just dismayed with the conflicts of interest that ran rampant in the orthodox "games journalism" space and didn't give two shits about the personal drama side of the story, although that's mostly solved by finding your favorite youtube reviewer. And those who were genuinely focused on improving discovery of good indie games were subjected to some pretty horrible commentary that completely missed the point. Now there are smaller dedicated publications or channels that actually do regularly (weekly/monthly) review a decent volume of new promising indie games to help discover standouts, but that turned out to be a niche that the existing publications didn't want to keep up with, and a niche that suddenly many people denied even existed, for some reason? People who can't contemplate that there are amazing passion projects out there to be discovered, I suppose because those people can't imagine actually working hard on something people would enjoy, because they would rather spend their time raining on others' parades instead.
But it was too close of a tangent towards criticism of establishment journalism in general, so of course establishment journalism countered back with the only weapon it has, and suddenly the vast majority of people forgot any of it had to do with reviewing and promoting good indie video games.
People who make indie games are not losers. People who want good games to be promoted are not losers. It is an art. It's not for everyone. People who just want to play the latest AAA sequel can stick to those. But if you've ever tried a niche indie game and been more impressed than you expected, you know it's art, and you'd want other people discovering and promoting the good ones, and talking about what makes them special.
I am not going to re-litigate GamerGate here. There were people who were genuinely concerned about ethics in games journalism, sure. But it did not become the defining event in the online-political sphere of the mid/late '10s simply due to genuine concerns about ethics in games journalism.
Correct, because a large portion of the public has no idea what indie games are, or how the software industry works, but they know that angry nerds are funny.
What I remember is that there were a subset of people I was acquainted with online who when this started all /immediately/ started posting things exactly like the comment this is a reply to; "these people just don't respect women, you all need to sit down and listen to women and center women" kinds of things. They were all men; mostly straight men although some were bi, and all generally thought to be fine although known for being a little performative and mildly, as they say, horny on main a little too often.
Every single one of them later turned out to be a sexual predator. This is now known as the "softboi" or "male feminist". This kind of person is still out there and is dangerous as ever, so it's important to keep an eye out.
(None of these people were in tech; instead all my tech coworkers who were men and lived in SF also heard "we need to respect women", but being kind of autistic engineers took it too literally and didn't seem to know any women, so they seemed to think the right thing to do was go out and find a woman and literally just start respecting them. This didn't work out for them and they mostly ended up getting scammed by scammers who happened to be women.)
No you are the one twisting it. It was about conflict of interest regardless how hard you try to throw around ad-hominems and rewrite history.
A game reviewer should not be in sexual relationships with people selling games that get reviewed. I think anybody not ideologically captured would agree.
I also find it tasteless to use the same rhetoric here as it was used back then to slander someone into suicide.
Not that I'm aware of. I thought that was weird at first as well, but I assume it might be in a way to protect the engineer.
Unfortunately, singling out any individual developer, even for praise, can attract unwanted negative attention online. By acknowledging the passion and the work without naming the person, Swen gives them full credit internally while shielding them from becoming a public target.
This doesn't even necessarily have to be intentional harassment, but if this engineer is now the "SteamDeck guy" at Larian, their social media might get flooded by people who mistake their personal social media accounts for a support ticket.
I'm sure the engineer has the option to self-identify if they wish, but this approach feels like a sign of good and thoughtful leadership.
This is an interesting perspective... I'd be at a loss to think of an example of an engineer who's been publicly pilloried (having been highly regarded for great work) for the failings of their company. Perhaps you could cite and example?
Seems enormously more likely to be the all to familiar story in the games industry of not providing credit to individual devs. Something that goes back to the earliest days of Atari.
> I'd be at a loss to think of an example of an engineer who's been publicly pilloried (having been highly regarded for great work) for the failings of their company. Perhaps you could cite and example?
Because these guys and gals are not famous enough to warrant large coverage, and because the phenomenon is unfortunately so widespread that noone is going to cover every case.
Thanks, really appreciate the concrete examples. They're not quite what I was referring to (developer praised by company / media - then attacked for issues with the company beyond their purview), but they do point to a (largely invisible from outside the industry / twitter bubble) truly worrying and frightening level of animosity and aggression pointed towards devs that I wasn't sufficiently aware of.
I don't think you need a case quite this specific because of the following:
> then attacked for issues with the company beyond their purview
Ultimately, whether an employee is praised or not is completely irrelevant to the nutjobs taking their anger out on them because of something their employer did.
I agree. It's bad in either case. No issue with a game or game engine should ever result in threats of violence or harassment. It's vile to publicly shame, cancel, still less attack individuals for the mistakes of their companies.
My initial skepticism was based in the voluminous amount of false allegations of harassment and misportrayal of valid criticism as harassment that happened at one point several years ago in the games industry.
I'm not necessarily saying they'd get pilloried. I'm saying that having your personal digital space colonized by people who think you're customer support is insanely disruptive.
Think replies full of "I only get 8 fps in Act 3, pls fix" when you just wanted to post a photo of your vacation.
I can't think of specific names anymore since it's been a while since I have played it, but a lot of the developers for World of Warcraft used to be and likely still are active on Twitter. For a lot of them, the community knew fairly well which features of the game or which class they were responsible for. When I used to look at the replies to some of their Tweets (even ones completely unrelated to WoW), they were often full of complaints about their area of perceived responsibility.
I fully understand every engineer who just wants to put their head down and work on their stuff they're passionate about without having to also be public-facing. Even in a small company like mine, some of our devs constantly complain that some customers know that they are responsible for certain features of our product and email them directly rather than going through the proper support channels.
Your point about the games industry often struggling with providing proper credit to devs is well taken - it's absolutely an issue. But in this case, Vincke did actually do that, in a way. He could've just kept quiet and let the playerbase think it was a company effort, but instead he publicly highlighted and recognized the passion and work of one of their engineers (even though anonymously). That engineer can look at the countless positive replies to that post and get the nice fuzzy feeling without getting dragged into the spotlight.
I take your point about being inadvertently made a point of contact for customer support / complaints about technical issues with the game.
Disagree however about the value credit - personal credit has concrete value (career wise, status wise etc), warm and fuzzy feelings less so. Right now we can only guess whether the dev had a say in the matter.
You're absolutely right that named credit has tangible career benefits that go well beyond feelings. But I think Vincke threaded that needle well with the anonymous public credit - it creates a documented public record of innovative work at the company level while preserving the engineer's privacy.
The engineer can still leverage this (LinkedIn, internal promotions, industry networking) without being forced into a public-facing role they might not want. When they're interviewing or networking, they can point to Vincke's public acknowledgment and say "that was my project" in contexts where it's professionally relevant, without having their personal social media permanently associated with it.
Considering Vincke was impressed enough to publicly acknowledge this individual's passion and initiative, there's no doubt in my mind that this engineer could get named credit or something that would acknowledge their role in the project if they wanted it.
But to go a bit meta:
I think it's strange that we are discussing this in the context of a CEO publicly acknowledging one of their engineers (even if anonymously). Vincke is, at least in the context of the broader industry, going above and beyond. I doubt you'd see Ubisoft, EA, or Blizzard publicly acknowledging a single engineer's after-hours passion project in this way.
Feels a bit like misdirected energy, I guess?
Why are we debating about the nuances of named vs anonymous credit and recognition when industry leaders don't give any?
It's like calling someone out for only tipping 10% while ignoring the guy in the top hat who's tipping 0. If you want gaming companies to get better about giving credit and recognition, you should support the companies that are at least moving in the right direction. I know it's easy to be cynical, but don't let perfect be the enemy of good.
I'd cite that as an example of the tyranny of diminished expectations. To be clear - I was criticising not providing named recognition. Of course providing some recognition is better than none. Perhaps you're right, perhaps the engineer involved can leverage this in interviews (or perhaps not, it might be difficult to prove / DNA'd etc), but you're giving the CEO the benefit of the doubt here.
I very strongly agree all creative workers should receive fair recognition (and compensation) for their work. I disagree with directionality as a moral framework. Doing something similar to the right thing is not necessarily doing the right thing. In this case my immediate assumption would be that the CEO is boasting about their anonymous hardworking impassioned employees as a way of 'glazing' the company, rather than shielding them from public criticism. It's impossible to know, but CEOs are not generally known to be good and ethical people. Larian may well be exceptional in this regard, but giving the benefit of the doubt to CEOs in general is a poor heuristic.
I've worked enough with customers to know they're mostly fine, until you get that one weirdo that finds out where you work and follows you home. You get a few every year. Knowing that, who would want their name associated with something in a space that produces as many incredibly motivated folks as the videogame industry?
It's not always, but Israel is uniquely positioned for tech companies of this kind thanks to Unit 8200.
Israel has mandatory military service. They grab the most promising teenagers and give them insanely good cybersecurity training on the government's dime. They do their mandatory service, maybe spend a few more years in the unit, then move on to the private sector. Most, if not all, of Israel's tech companies in the cybersecurity/surveillance sector are related to Unit 8200 for this reason.
But also: I think it's fair to say that Israeli spyware gets more media attention party because of geopolitical factors. Similar to Russian or Chinese spyware. I doubt the same headline would catch as much attention if you swapped Israeli-founded with Spanish-founded.
How can you do effective conflict resolution in a society where someone reads an anecdote about a rude teenager and immediately assumes the problem is multiculturalism?
I don't remember bringing up race. Another interesting leap.
But please do elaborate on what sort of 'dominant culture' you're longing for and what sort of policies you'd love to see to (re-)establish that 'dominant culture' to resolve the incredibly new phenomenon of teenagers being rude and rebelling against social norms.
Come on, don't be a coward and just drop the dogwhistling. You're bad at it.
A dominant culture means a step back from individualist values. The most effective 'policies' are created through communities not through law. We cannot rely only on the law for a healthy society; it is necessary but not sufficient.
Rebelling against cultural norms is not the problem. The problem is when people escalate quickly because of it and threaten others. That means the gaps between cultures/subcultures have gotten too big.
You randomly bring up multiculturalism as a problem to be solved in response to a story about a rude teenager of unknown cultural background, and assume I'm dogwhistling? Please elaborate because all I'm seeing here is projection.
But I see we've pivoted from "multiculturalism bad" to pseudo-intellectual theorizing about collective cultural conformity. Very smooth. Different packaging, still trying to sell the same product, though.
> The problem is when people escalate quickly because of it and threaten others.
Guy asked teenager to use headphones, teenager got defensive, guy put in earplugs. That's... literally de-escalation and conflict avoidance. Are we reading the same anecdote?
You've managed to escalate "rude teenager won't use headphones" into a lament about the decline of Western civilization and the need for cultural homogeneity. It's almost impressive how much ideological weight you're hanging on one kid's refusal to wear headphones.
More name-calling. You still haven't addressed my initial question yet. I'll rephrase it again for you: How do you enforce norms without a dominant culture? Do we even need norms at all?
You're asking about norm enforcement failure, but the story shows norms working fine: expectation communicated, pushback received, de-escalation chosen, situation resolved peacefully, albeit not to the satisfaction of the commenter. The system worked.
The fact that the teenager got defensive is indicative of his understanding of societal expectations and norms. Bending and pushing against norms is what teenagers do, and have done since the dawn of time, regardless of their cultural background and regardless of whether they're navigating the norms of a dominant monoculture or those of a multicultural society.
Your question assumes there was some breakdown that needs fixing, but the only 'problem' was mild inconvenience. When did that become evidence of cultural collapse requiring homogeneity to solve?
You still haven't explained why 'teenager won't use headphones' made you think 'multiculturalism is a problem.' For all you know, this story involved two white Christian Scots from the same cultural background. I'll gladly discuss theories about norm enforcement with you once you've explained why you deemed it necessary to inject race and culture into a story that mentioned neither.
I'm not going to entertain your 'just asking questions' routine until you do.
That's a firm 'no' on explaining your original non sequitur then? I told you I'm happy to dive into theories, philosophy, and other theoretical scenarios once you've answered that simple question.
But you're welcome, I guess. At least one of us did.
I doubt you would be happy to hear it, actually. And I doubt it would change your opinion one bit.
You've kicked this entire thread off with an incredibly telling non sequitur: teenager won't use headphones -> multiculturalism bad. When called out on that leap, you pivoted to abstract questions about norm enforcement while ignoring that the norms actually worked fine in this situation.
You're not interested in debate. You're interested in getting someone to validate your predetermined conclusion about the necessity of a cultural hegemony. Having to acknowledge that norm enforcement wasn't actually broken here is pretty inconvenient for that narrative, isn't it?
Still waiting for you to explain that original leap, but we both know you won't. Because you can't without exposing yourself further. Good day. Thanks for playing.
This is a deeply concerning development, though not an entirely surprising one. While I sympathize with itch.io's position - being caught between their creators and their payment processors - the broader implications here are alarming.
Payment processors have effectively become unelected censorship boards with the power to strangle entire categories of legal content by threatening to cut off the economic infrastructure that platforms depend on. The fact that a single advocacy campaign can pressure Visa/Mastercard/PayPal into forcing platforms to remove legal adult content should concern anyone who values free expression online.
The fundamental issue isn't whether you personally approve of adult games or specific content - it's that a handful of payment companies now wield veto power over what legal content can exist in the digital economy. This represents a massive concentration of censorial authority in the hands of unaccountable corporate entities that face no meaningful democratic oversight.
We've seen this pattern repeatedly: PayPal blocking VPN providers over "piracy concerns," Visa suspending payments to adult sites, and now this coordinated pressure campaign. Each time, legal content gets effectively banned not through legislation or courts, but through corporate policy decisions made behind closed doors.
By inserting themselves as moral arbiters for the digital economy and free expression on the internet, these processors are creating a very strong case for being designated as common carriers or being subjected to much stricter public utility regulation. When payment infrastructure becomes as essential as electricity or telephone service for participating in the digital economy, treating these companies as neutral utilities rather than editorial boards becomes not just reasonable but necessary.
> "We've seen this pattern repeatedly: PayPal blocking VPN providers over "piracy concerns," Visa suspending payments to adult sites, and now this coordinated pressure campaign."
And more: before those, there was also Wikileaks[0,1], SciHub[2], and Tor[3]—among other high-profile acts of authoritarian censorship. There's countless others if you search HN—hard to sort them out for the sheer volume.
I'm very puzzled as to how these "advocacy campaigns" are able to control all of the payment processors like this. That Collective Shout "open letter" must be the tip of the iceberg.
Yes it's puzzling. And I don't buy the answers to your comment so far. Chargebacks? Wanting to control everything? Those are just silly hand-waving explanations that lack supportive evidence. They sound good to the people who say them, but I want more. I want data. Or at least some "aha!" evidence. Or, at least I can make up my own hand-wavy speculation.
These groups like "Collective Shout" don't seem organic to me. Where do they find members? In churches? I'm pretty clued-in to the going on in various churches, nobody knows anything about Collective Shout. It just materialized out of thin air, with a slick website and loudly claiming responsibility for these bans. "Look at us! We did this! No need to look elsewhere!"
Let me put on my aluminum-foil hat for a minute... Could this all be social engineering by some government agency that wants to ban porn (not outright, but make porn sites go out of business) to increase the birth rate to avoid demographic collapse? Just asking questions here.
I think that payment processors want to be able to control everything. I don't think they care about adult content per se, they care about being able to allow/deny anything for any reason. They also don't really care about "hate speech", which is what gets censored when dems are in power. Republicans are in power now, so they're going after adult content. But to me, it seems like they only do it this way because it's easier than doing everything at once. Their real goal, the goal that they will mask with moral concerns about things like hate speech and adult content, is to have full control over who and what can use their payment systems without any restrictions. It seems be be working really well because instead of everyone fighting censorship by payment processors as a whole, half of us choose not to care when it happens to the other half. I really struggle reading these threads because the "it's a private company that can do what they want and if you don't like it build your own" argument is seared into my memory from when this started happening years ago.
> I really struggle reading these threads because the "it's a private company that can do what they want and if you don't like it build your own" argument is seared into my memory from when this started happening years ago.
My answer to that has always been - if a "private company" is so important and critical to a nation or economy, like a payment processor, then that company has lost the right to be private and needs to be nationalized and become a public service. Had this argument all the time back in '08; if a company needs bailed out by the government or the nation/economy will collapse, its clearly too important to be a private for profit enterprise and should be nationalized and become a public service
Not everything needs, nor should be, a private enterprise for profit. Payment processors, utilities, etc. should just be public services, available to all equally and for all legal purposes.
> If an activity becomes this essential, the government should provide a competitive entrant in the same field.
I'll admit I didn't even think of that, and yeah I'd agree that's a good solution worth pursuing in cases like this. I can think of many industries where we need to inject competition into the market.
I don't understand how this would work. If the government created some entity to handle processing payments (or whatever), I assume it would be a publicly funded non-profit, since there is precedent for that. How much funding does it get? Where does that money come from? How does it compete with the existing massively powerful corporations? What incentives does the government entity have to compete? What happens if it goes bankrupt or is purchased? What happens to whatever capital was used to fund it?
It just seems like the government entity would need to actively engage with seeking profits or just existing to artificially lower costs. I don't think the majority of people would want the government to have a for-profit arm that exists to compete with businesses, and I don't think corporations would just play nice.
I'd say that USPS is the closest example of this, and it's a pretty good example of how things can go wrong as well. The active attack against the postal service to try to privatize it is terrible. It will do nothing but continue to isolate power to the ultra wealthy and make people's lives worse. For-profit corporations and the government just have (or ought to have) fundamentally different incentives to exist.
I'd be curious to know of any examples of this working well. I don't mean to be so antagonistic, I just am really struggling to understand how this could work in any way.
These are all fantastic and interesting questions and are exactly the same questions you would face if you expropriated the property of the businesses my parent proposed privatizing.
The issue is not how complicated and difficult such an endeavor is (and you rightly identify it as such).
The issue is, if we're going to do this heavy lifting anyway, might we do it in a way that doesn't involve theft ?
> The issue is, if we're going to do this heavy lifting anyway, might we do it in a way that doesn't involve theft ?
Expropriation usually involves paying the owners so it isn't theft, its just the government buying out the stocks just like a private corporation would. Are you saying Elon musk stole twitter? That is the same thing.
Anyway, here since this is shared between countries its better to just regulate what these processors can do, like the EU does when they regulate how large payment processing fees can be etc. Since its used for international trade no single country can own it.
Agreed. When people say that we need to privatize something because the government is not doing its job effectively, I always think that the government is not doing its job effectively because of the lack of competition. If you just replace the governmental entity with a private entity, then you would end up with more problems than before. The better way to approach this would be to create a governmental entity that competes with the private sector. Each can keep the other in check with competition. For example, in the case of tax prep in the US, the government can set up a competing entity that makes the tax prep software and keep turbo tax in check.
> If an activity becomes this essential, the government should provide a competitive entrant in the same field.
I'd agree, although considering our nation's decline into an authoritarian state I wouldn't trust a government competitor to be any better about protecting artistic works from censorship. Project 2025 makes the administration's feelings on this topic pretty clear.
The problem: what if the government fails to provide a competitive entrant?
We must NOT expect the government to excel at anything. We must assume it is, and will always be, a mediocre follower of established playbooks. To ensure the government accomplishes X, we must stress in the playbook that X is mandated and cannot be compromised in any way.
There's always the other, less visible but more lethal attack front..
the CFO whispering in the board's ear about chargebacks.
I think what we need to get a handle on is guys, or gals, telling their spouses, "Oh I have no idea what that charge is doing on our card!?!?!"
Of course it's going to be disputed. We need some method of attribution that is definitive. So that people can't go around doing that any longer.
Make no mistake, these companies are about money. Morality or no morality, if you take chargebacks reliably back in hand adult content would likely show itself to be more profitable than nearly every other segment of their business.
Would there still be a line? Absolutely. But it would be a line that nearly everyone would be in agreement with, and the line would exclude nowhere near the amount of content it does today.
Visa/Master collect higher fees from merchants with high chargeback rates, so I'm pretty sure the CFO is still happy. I agree with the fact that they are all about money, but don't see how they lose money on adult content. This still seems very suspicious to me.
Fee structures don't scale to infinity with chargeback risk. They cut off very high risk merchants. It's the same reason cloud providers need you to request GPUs instead of exponentially raising prices to absorb cryptocurrency fraud losses.
Yeah, maybe they say its because of chargebacks as PR speak, but payment processors already cover for that with higher fees & extra risk assessment fees for businesses with a higher rate of chargebacks. If they are losing money because of a higher rate of chargebacks from adult content, then they designed their fee structure poorly.
That would be a valid point, except something like Steam isn't going under anytime soon over chargebacks, and they could demand larger reserves if they're afraid of that.
I'd love to see this problem solved too, but let's not do it by nerfing people's ability to charge back. Chargeback is pretty much the only tool consumers have to fight a merchant's fraud and abuse against them, and it's already an opaque, flimsy tool. Also, it only exists by the grace of Visa, MasterCard and American Express. I don't think there is any law that compels them to even allow a customer to dispute a charge (although hopefully I'm wrong about that).
Visa and Mastercard were getting pressure from New York officials to put firearm purchases into their own category, something that the gun control advocates say could help stop potential mass shooters by red flagging large gun purchases. The initiative was stopped by Republican politicians and other lobbyists.
This goes back to the origin of cancel culture. Businesses hate risk, and here is a group presenting them with a perceived risk against their bottom line.
While this is effectively what is happening, and I agree with everything you said, I would like to add the primary reason why I've always heard that payment processors don't want to deal with adult content.
The primary reason is because adult content has a very high percentage of disputed charges.
Typically, it's because some person's partner notices some kind of porn on the credit card statement, and the purchaser claims they were "hacked" or something and then disputes the charge. This doesn't necessarily happen a large percentage of the time, but going from e.g. 0.1% disputes (or whatever the industry norm is) to 0.2% really torpedos profit margins.
There is also some skittishness about local laws regarding morality. Credit card payments cross a lot of boundaries and various localities have wildly differing laws about adult content and so the payment processors simply don't want to risk it.
I guess what I'm saying is: the payment processors seem like the symptom of a larger problem, not the root cause.
Source: I've never worked in payment processing, but I used to run an online business with spicy content, and had to navigate this to an extent.
> The primary reason is because adult content has a very high percentage of disputed charges.
If that was the driving force, the payment processors would be reacting to the businesses on their own initiative from the dispute stats. But that is not what is happening, they are responding to public moral panic campaigns, which indicates that disputes are not the driving force.
> This doesn't necessarily happen a large percentage of the time, but going from e.g. 0.1% disputes (or whatever the industry norm is) to 0.2% really torpedos profit margins.
Then you charge an additional fee in exchange for the MCC risk. This is easy.
It's not clear to me from the post what level this is happening on.
I assume by "payment processor" that they are not talking about Visa et al themselves but their merchant services provider.
The alternative to this is to find a merchant services company that specializes in adult industry. Something like https://ccbill.com/ which is going to end up costing you (or your customers) somewhere around 30% on all payments on your entire platform.
It's likely easier to strong arm these providers as they are typically pretty risk averse.
Then you charge an additional fee in exchange for the MCC risk. This is easy.
Sure, yeah. There are niche payment processors who specialize in such things. They charge exorbitant rates, like 20-30+%. I suspect that itch.io may consider working with somebody like CCBill to allow payments for adult content, and use a "normal" processor for everything else. That is what I would do, or at least attempt to do.
What we're really seeing is moral policing.
Effectively, yes. It is a huge problem.
But I would hope that anybody bothered by the problem would also want to understand the root causes. It's a little bit more complex than credit card companies being a bunch of prudes who think you shouldn't be playing weirdo dating sims.
You have to understand the economics of the payment processing industry, at least in broad strokes. Then you can understand why mainstream processors stay away from adult content.
- Profits are obviously large, but margins on any individual transaction are miniscule
- Disputes and chargebacks involve humans, which blows away the basic economical model there. The cost of 15 minutes of labor from a human being wipes out the profit on the next zillion transactions
- Adult content, while a big business in absolute terms, is a tiny drop in the bucket overall for these companies. They do not want to devote a bunch of resources for something that is, overall, probably like 0.1% or less of their overall revenue
> I suspect that itch.io may consider working with somebody like CCBill to allow payments for adult content, and use a "normal" processor for everything else. That is what I would do, or at least attempt to do.
Except AFAIK Visa/MasterCard are not okay with this. Because it's not actually about fraud or chargebacks.
> The cost of 15 minutes of labor from a human being wipes out the profit on the next zillion transactions
Chargeback fees are paid by the merchant for card-not-present transactions, regardless of outcome. It's not a real reason, regardless, since there'd be no point to go so fine-grained about what adult content is banned if all adult content has chargeback/fraud issues.
OK. So you believe that the credit card industry really really really wants to be in the business of moral policing.
I, on the other hand, have experiences with payment processing for NSFW material, and based on these experiences my understanding is that the CC industry doesn't particularly want to be in the moral policing business, but avoids NSFW stuff because of legal and profitability concerns. However, as an outsider I admittedly have no direct insight into what actually happens inside the CC industry.
So my question to you is -- what are YOU basing your opinion on?
Based on their behavior. Nothing they do makes sense otherwise.
> but avoids NSFW stuff because of legal and profitability concerns
This, for example. They weren't enforcing a law, and there's no "profitability" issue as they could simply make the fees and reserves higher. So they might say that's why, but it obviously isn't the case. If it were, they'd demand a lot more than a few random handfuls of games be removed, and would target a lot more than adult content. They also would be totally fine if you sell that content through another payment method, because it's not their liability or profit at stake. However, if they're trying to censor content that isn't to their liking, this behavior makes sense.
How did OnlyFans overcome this issue? They were pressured by a payment processor to stop allowing NSFW content, but reverse their decision. How did that pan out?
I don't know exactly how they did it, but OF was/is unique in that the adult content is their entire business model.
When your company is at risk of being essentially forcefully dissolved, you're gonna be desperate. I was fully expecting them to tell Visa to fuck off and just switch to a different payment processor, because that's more economically viable than complying with Visa.
Maybe they threatened Visa with legal action and Visa felt that it was too risky, lest they lose their entire censorship operation. Just speculation.
I'm guessing they were willing to accept conditions such as verification of performers and censorship of unwanted adult content. OnlyFans has the scale to not be fatally affected by these costs of operation. They can present themselves as a cleaner alternative to an unregulated website.
OnlyFans has an insane amount of rules about what's allowed or not. And suspends and bans performers left and right for the slightest BS complaint (apparently usually from a competitor to that performer). That's how it panned out.
That must not be comfortable for OF because this is the kind of insanity that will make every performer keep looking for plausible alternate intermediaries so as to ditch OF. OF makes it because they are by far the largest source of traffic for performers.
It's easy: https://simplebeen.com/onlyfans-statistics/ OnlyFans is so big in the US and so widely used in the US (94 million active accounts) which is about 28% of the population (with the caveat that some people might have multiple accounts). It's too big to fail. The American economy will fail and the government needs to bail it and nationalize it as a public goods service. /s
It's either that or shady backroom deals with Visa.
I hate to point out that we have completely free payment options (way too free for most) that could prevent all of this based on b***** technology. But then again maybe itch would get blackmailed even harder by the currently leading payment companies if they were to adopt b***** payments. So only with huge customer demand for free payments could they switch.
I thought you were going for direct bank to bank operations.
I think these are currently the most practical and promising way to get out of the credit card duopoly's influence. It is more onerous on KYC check, but that sounds like a smaller price than a paid service just not existing at all.
Customer protection isn't supposed to come from private third parties in the first place.
Look at it from this angle: why is VISA or Stripe the arbiter of disputes between you and Netflix ? If Netflix made you pay a fee that is not part of your contract or you didn't initiate, you should be able to retrieve that money without asking a racket business to cover you.
And while banks handle fraud issues, arguably they shouldn't be the one reading your contracts and deciding how to interpret it. Some customer agency or small claims court should be more fitting ?
Perhaps you're in a place where that just wouldn't work, fair enough, but the issue should be on why you don't have these laws or institution, not why there's no private middle-men fixing the deals.
> Some customer agency or small claims court should be more fitting? Perhaps you're in a place where that just wouldn't work, fair enough, but the issue should be on why you don't have these laws or institution, not why there's no private middle-men fixing the deals.
In the US, this is effectively non-existent these days.
Best case, now rare, there isn’t an arbitration clause in the EULA, so you have individuals suing companies in small claims.
The problem there is scale.
A company can screw over a lot more people than people will spend time pushing back against a company. Because fundamentally, a company doesn’t give a shit about maintaining a relationship with an angry customer.
The benefit of using payment intermediaries to run arbitration is that the company does want to continue having a relationship with them and is therefore incentivized to care more about the case than they would otherwise.
Granted, there are a lot of ills from payment processors too! But waving a wand and suggesting bank to bank transfers alone fixes the issue is naive.
I find it interesting to want speed in deciding who should get screwed in a transaction.
There are economic advantages in people giving around their payment information, but the social impacts (the very existence of Visa/Mastercard and their influence on businesses or prices) aren't worth it IMHO.
IMHO people should be responsible of how they handle the keys to their money, and better tools should be given to secure and manage that, instead of a Big Brother like middlemen.
I mean, you don't pay cash at a restaurant with a string stuck to your money so you can pull it back three months after, because arguing with the restaurant feels too inefficient.
> If Netflix made you pay a fee that is not part of your contract or you didn't initiate, you should be able to retrieve that money without asking a racket business to cover you.
Allowing customers to claw back money unilaterally opens the door for customers to make a purchase, receive the product, then fraudulently take their money back.
There needs to be a third party in the middle to determine if a chargeback is fraudulent. Chargeback fraud already exists, and what you're proposing makes the problem significantly worse.
This is an industry where chargebacks don't make sense. You either buy and pay or you don't and if you're on the fence, then don't. The only necessary intermediary is a trustworthy online shop/platform with a reasonable refund policy.
The solution to that is requiring your PIN, 2FA and ML-powered suspicious transaction alerts for each transaction. It's actually not as cumbersome as it sounds and takes less than five seconds at its best; UPI in India has perfected it.
Another reason for chargebacks is fraudulent merchants. If somebody sells me a fake item, I highly doubt they are going to willingly refund me when I complain to them about it.
That should either be handled by a court or customer protection action agency, or by your private insurance (basically like how it works with cash transactions)
Baking it into the payment processing warps the whole situation.
Crypto moves the problem from payment providers like Visa to central exchanges like Coinbase. Until you have a completely decentralized ecosystem built around crypto, you run into trouble when offramping to fiat. If I recall, backpage accepted bitcoin when Visa dropped them, but it was way too much hassle to be useful. If you could pay rent and utilities and buy food using some sufficiently decentralized token, crypto may become a viable alternative.
The principle should be that it shifts the problem to payment providers who can be switched out for other payment providers seamlessly. The providers are motivated to behave ethically because you have the option of going elsewhere.
Paying with crypto is still not very usable but you can still do it directly which limits the degree of extortion that can be applied. I think it will get better as it ceases to be 'interesting' and people develop tools that just work rather than try to revolutionize your life.
The interesting thing about cryptocurrencies is using them directly, i.e. when users have their own wallets under their full control. Then it's magical when you make a transaction to somebody and think that nobody is censoring, filtering, moderating or rejecting it in any way. Oh and no PII either.
crypto has well and truly poisoned its own well here, with the sheer number of scams and fraud on the various platforms. It's also hella expensive as a way to take payments, since you usually have 2x exchange fees as well as the network transaction fees on a payment.
Crypto didn't do that. Investment bros did. Pretty much everything created after 2015 is a scam and hardly related to cryptocurrency at all. Just traditional investment/scam types moving in and adopting the name/language for popularity.
But you're right about the outcome from this. Most people don't know the difference, were only exposed to the post-2015 scams, and just assume all cryptocurrency is a scam.
>So why didn't crypto block or ban them from doing these scams using their technology?
And here we have a neat example of how this site, called "hacker news" of all things, can sometimes take on a absurdly idiotic hive-mind approach to some technology X where brainless hostility combines with laughable ignorance to reject something without knowing the first thing about it, even when the thing is emphatically a practical solution to a widely discussed problem.
UPI in India, Pix in Brazil, Interac in Canada, various iBAN schemes in Europe, WeChat and AliPay in China. Everywhere but the US has good options that aren't the credit card duopoly or the scam / crime filled bitcoin.
These examples aren't quite apples-to-apples. Yes, I can e-transfer money to other people in Canada I know or even pay small businesses for their services. But that only applies to one country. When I buy something on Steam or Itch, I must send money abroad, and the same is true for countless other things. And what options do you have for that besides the Visa/MC duopoly or crypto? I'm not a crypto user, but I see it as the only realistic future way of moving money to buy anything that the holy payment processors deem icky, barring the near-zero chance of them being regulated in the US or a popular competitor suddenly appearing.
Steam collects GST so they've already figured that out.
But your basic thesis is correct, it's not apples-to-apples. Debit vs credit is a significant difference. Another major issue is that while the regulations for any one of the alternatives on my list aren't particularly onerous, I imagine the superset of all the regulations/contracts might well be.
I'm not sure how exactly Steam pays local taxes, be it a Canadian third party that siphons the extra money for them or if they just send each region the tax money, but either way the money is flowing abroad at some point. Then there's individual transactions. If you need to internationally send someone money and the payment processors say no for any reason, you're largely SOL. I guess you can mail cash directly, while that still exists. But my point that you can basically only go either through Visa/MC or through crypto stands, even though I don't particularly love either.
Aren't they already collecting through local entities in the first place and then converting them to dollars? Also, Steam does support local card companies like RuPay in India.
Those aren’t clearing houses, those are fintech services built on top of clearing houses. They still rely on credit card duopoly or ACH reconciliation between banking institutions. Don’t kid yourself.
Not at all, UPI is literally just a platform for direct mobile bank-to-bank payments. No credit cards or duopolies involved, just a public-sector behemoth.
UPI is just fast ACH. It’s still built on top of IMPS, which is regulated by RBI. India’s version of US Treasury. A more mobile and grass roots version of Plaid.
All it takes is for RBI to say “This kind of content isn’t allowed” and you’d have the same effect. Here in the US, we didn’t build an IMPS like system until way too late in the game.
You wouldn't, because the business model and the incentives are different. If anything, free chargebacks make consumers careless and turn them into freeloaders.
Or how about actually elected alternative: government regulating these payment providers not to do this? (At least in countries where elections have total cap for donors per party.)
Both Visa and Mastercard are American companies. What do you think the likelihood is that the US in its current situation regulates them? As for other countries, I'm not even sure they have the leverage when faced with an 'essential' duopoly that everyone already relies on.
> I'm not even sure they have the leverage when faced with an 'essential' duopoly that everyone already relies on.
The fact they are so essential should give the nations all the leverage - "Your service has become too important to the function of our nation, so we are nationalizing your company and making it a public service."
Time to stop being afraid of doing that - if a private company is THAT important to the continuing functioning of your society, then that company has lost their right to be a private for profit business and needs to be nationalized, at least partially to keep them in check and make sure they are following the laws of the nations they operate in.
We, as societies, should have never allowed any corporation to become more powerful than their governments.
Right, that's why the whitepaper is titled "Bitcoin: A Peer-to-Peer Electronic Cash System". The idea is to bring many of cash payments features to the digital world, which are not possible with payment systems with intermediaries: uncensorability (nobody can keep you from transferring cash); non-reversability (no chargebacks, escrow systems are optional); low fees (contentious because BTC decided not to scale on-chain, but that was Satoshi Nakamoto's idea.
If you want a somewhat simple experience you still need to go through the exchanges which could also be coerced into censorship. I guess you can move the coins through multiple wallets but how many people want to jump through those hoops
They aren't free as in beer, which is part of the problem. (The other major part being that the people who build them are in love with deflation, which makes them extremely hard to use as a currency.)
There was also a recent class action lawsuit by business owners against both Visa and Mastercard accusing them of anti-trust violations, that was settled for $5.5B.
It's not yet clear how seriously the Trump Administration will take the lawsuit against Visa. There is mounting evidence and sentiment that both of these companies are not just self-appointed censors, they're also criminal entities who use their market power to extort and abuse both their customers and partners. Now more than ever it's important to contact whoever represents you in the government and tell them that a settlement won't cut it and you've had enough of criminal enterprises dictating the future of both United States and world society. There simply aren't any other solutions to organized corrupt power at this scale, it's either hand the world over to a tyranny ruled by this growing form of organized corporate crime, or act through the public institutions that we as the People have endorsed to represent us.
Taking one look at the FCC, Americans should be more worried about this administration’s willingness to leverage any government power into coerced private industry action favorable to them.
‘That DoJ action? Might go away if you just _____.’
One of the most concerning parts of this is that these are global companies. Regardless of local laws, these companies still wield enormous power. This is also a sovereignty and self determination issue.
The thing about them being moral arbiters isn't even imagined. They have had plenty of time to figure out a business model that serves these specific markets without cutting them off altogether. Instead, the payment processors are always threatening to cut off all access even to content that does not infringe upon their terms if there is even a single violation by mistake that gets remediated quickly or the payment method is disabled for the high risk content to begin with.
I didn’t realize we knew who owned the Satoshi cold wallets! When did they figure that out, and how?
What definition of traceable are you using? I meant, to a specific person (miner) who wrote value into the system — which could also include a specific cash register or ATM that traded currency for coin, depending on whether it’s a postpaid or a prepaid Visa/MC that we’re comparing to, I suppose. They only charge a few percent extra overhead to issue relatively anonymous prepaid cards, which people either choose to pay or not, but the coin systems have traditionally been operated without the identifiable, lower-overhead, lower-risk tier of users that could have supported a viable postpaid network competitor. To the best of my understanding — am I wrong here? — all coin systems are exclusively unconcerned with the user’s identity other than their password, so their traceability is close to zero without a criminal investigation and wrench takeovers, which makes it adoption almost wholly unviable.
(US folks trying to convert coins to currency without paying taxes may differ, but that’s a relatively new regulatory push and has no particular impact on the majority of worldwide coin users.)
Bitcoin is only pseudonymous. Inside the network everything is public and traceable, but not personally identifiable.
Where you lose anonymity is with inflows and outflows to the real world. You may only be able to buy cryptocurrency from a KYC seller. Or your payment can be traced. Or you buy something from an already identified seller. Ironically, a lot of the anonymity of Bitcoin comes from the anonymity of physical cash.
If employers started paying out salaries using Bitcoin, it would suddenly be really easy to identify wallets.
What I am surprised about the most is why do these payment processors care about these moral issues this much? They are a profit-making entity and money is money -- the more money you process, the more profit you get. What is the downside for allowing NSFW content be bought using their processor? Are the boards/CEOs of these companies puritans? Aren't they handing more credibility to these alternatives like Bitcoin Lightning or Monero with actions like these?
This isn't new, payment processors have exercised this kind of control over online content as long as people have been charging for content on the Internet.
> By inserting themselves as moral arbiters for the digital economy and free expression on the internet, these processors are creating a very strong case for being designated as common carriers or being subjected to much stricter public utility regulation.
It's maddening that they are not common carriers at this point. In many ways it is very difficult - if not impossible - to operate in the world nowadays without access to payment infrastructure.
This should also come as a lesson to all the people that base their rationale in "government icky" moronic arguments. Corporations are all too happy to abuse consumers in the lack of proper regulations. While the government should not get blind faith, there are multiple avenues to scrutinize and question the government. Corporations on the other hand can and will fuck over everyone mercilessly without proper regulations.
> This should also come as a lesson to all the people that base their rationale in "government icky" moronic arguments. Corporations are all too happy to abuse consumers in the lack of proper regulations. While the government should not get blind faith, there are multiple avenues to scrutinize and question the government. Corporations on the other hand can and will fuck over everyone mercilessly without proper regulations.
Whoever said governments oppose this development? What makes you they're not ones holding the cards?
This is a perfect case study in why AI coding tools aren't replacing professional developers anytime soon - not because of AI limitations, but because of spectacularly poor judgment by people who fundamentally don't understand software development or basic operational security.
The fact that an AI coding assistant could "delete our production database without permission" suggests there were no meaningful guardrails, access controls, or approval workflows in place. That's not an AI problem - that's just staggering negligence and incompetence.
Replit has nothing to apologize for, just like the CEO of Stihl doesn't need to address every instance of an incompetent user cutting their own arm off with one of their chainsaws.
Edit:
> The incident unfolded during a 12-day "vibe coding" experiment by Jason Lemkin, an investor in software startups.
Lemkin was doing an experiment and Tweeting it as he went.
Showcasing limitations of vibe coding was the point of the experiment. It was not a real company. The production database had synthetic data. He was under no illusions of being a technical person. That was the point of the experiment.
It’s sad that people are dog piling Lemkin for actually putting effort into demonstrating the same exact thing that people are complaining about here: The limitations of AI coding.
> Showcasing limitations of vibe coding was the point of the experiment
No it wasn't. If you follow the threads, he went in fully believing in magical AI that you could talk to like a person.
At one point he was extremely frustrated and ready to give up. Even by day twelve he was writing things "but Replie clearly knows X, and still does X".
He did learn some invaluable lessons, but it was never an educated "experiment in the limitations of AI".
> I did give [an LLM agent] access to my Google Cloud production instances and systems. And it promptly wiped a production database password and locked my network.
He got it all fixed, but the takeaway is you can't YOLO everything:
> In this case, I should have asked it to write out a detailed plan for how it was going to solve the problem, then reviewed the plan and discussed it with the AI before giving it the keys.
His “company” was a 12-day vibe coding experiment side project and the “customers” were fake profiles.
This dogpiling from people who very obviously didn’t read the article is depressing.
Testing and showing the limitations and risks of vibe coding was the point of the experiment. Giving it full control and seeing what happened was the point!
I don't think people are claiming he was not experimenting as much as they are claiming he was overtly optimistic about the outcome. It seemed like he went in with the notion that AIs are somehow thinking machines. I don't think that's an objective sentiment. An unbiased researcher would go in without any expectation.
> In an episode of the "Twenty Minute VC" podcast published Thursday, he said that the AI made up entire user profiles. "No one in this database of 4,000 people existed," he said.
> That wasn't the only issue. Lemkin said on X that Replit had been "covering up bugs and issues by creating fake data, fake reports, and worst of all, lying about our unit test."
And a couple of sentences before that:
> Replit then "destroyed all production data" with live records for "1,206 executives and 1,196+ companies" and acknowledged it did so against instructions.
So I believe what you shared is simply out of context. The LLM started putting fake records into the database to hide that it deleted everything.
It's not an experiment if you're using it in production and it has the capability of destroying production data. That's not experimenting, that's just using the tool without having tested it first.
I think it just replaces something that's fairly easy (writing new code) with something that's more difficult (code review).
The AI is pretty good at escaping guardrails, so I'm not really sure who should be blamed here. People are not good at treating it as adversarial, but if things get tough it's always happy to bend the rules. Someone was explaining the other day about how it couldn't get past their commit hooks, so it deleted them. When the hooks were made read-only, it wrote a script to make them writable so it could delete them. It can really go off the rails quickly in the most hilarious way.
I'm really not sure how you delete your production database while developing code. I guess you check in your production database password and make it the default for all your CLI tools or something? I guess if nobody tells you not to do that you might do that. The AI should know better; if you asked, it would tell you not to do it.
The AI did not and cannot escape guardrails. It is an inference engine where the engine happens to sometimes trigger outside action. These things aren't intelligent or self-directed or self-motivated to "try" anything at all. There weren't any guardrails in place and that's the lesson learned. These AI systems are stupid and they will bumble all over your organization (even if in this case the organization was fictitious) if you don't have guardrails in place. Like giving it direct access to MPC-shred your production database. It doesn't "think" anything like "oops" or "muahaha" it just futzed a generated token sequence to shred the database.
The excuses and perceived deceit are just common sequences in the training corpus after someone foobars a production database. Whether its in real life or a fictional story.
I don't agree with this. Yes, the guy isn't the sharpest tool in the shed, that much is clear. Still, if an intern can delete prod, you wouldn't say that the problem is that he wasn't careful enough: that's a massive red flag.
At a minimum Replit is responsible for overstating the capabilities and reliability of their models. The entire industry is lowkey responsible for this, in fact.
I think we're mostly in agreement here. You're absolutely right about the intern analogy - that's exactly my point. The LLM is the intern, and giving either one production database access without proper guardrails is the real failure.
Your point about AI industry overselling is fair and probably contributes to incidents like this. The whole industry has been pretty reckless about setting realistic expectations around what these tools can and can't do safely.
Though I'd argue that a venture capitalist who invests in software startups should have enough domain knowledge to see through the marketing hype and understand that "AI coding assistant" doesn't mean "production-ready autonomous developer."
>"delete our production database without permission"
It did have permission. There isn't a second level of permissions besides the actual access you have to a resource. AI isn't a dog who's not allowed on the couch.
> The fact that an AI coding assistant could "delete our production database without permission" suggests there were no meaningful guardrails, access controls, or approval workflows in place. That's not an AI problem - that's just staggering negligence and incompetence.
Why not both?
1) There’s no way I’d let an AI accidentally touch my production database.
2) There’s no way I’d let my AI accidentally touch a production database.
To a non-developer, or no code review, couldn't the AI model also generate buggy code that then made it's way to production and deleted data just the same?
> a perfect case study in why AI coding tools aren't replacing professional developers anytime soon
This is assuming the companies that are out to "replace developers" aren't going to solve this problem (which they absolutely must if they're any serious like Replit is as they moved quickly to ship isolating the prod environment from destructive actions ... over the weekend?).
> just like the CEO of Stihl doesn't need to address every instance of an incompetent user cutting their own arm off with one of their chainsaws
Except Replit isn't selling a tool but the entire software development flow ("idea to software"). A good analogy here is an autonomous robot using the chainsaw cutting its owner's arm off instead of whatever was to be cut.
> Except Replit isn't selling a tool but the entire software development flow ("idea to software"). A good analogy here is an autonomous robot using the chainsaw cutting its owner's arm off instead of whatever was to be cut.
I don't think users should be blamed for taking companies at face value about what their products are for, but it's actually a pretty bad idea to do this with tech startups. A product's "purpose" (and sometimes even a company's "mission") only lasts until the next pivot, and many a product ends up being a "solution in search of a problem". Before the AI hype set in, Replit was "just" a cloud-based development environment. A lot of their core tech is still centered on managing reproducible development environments at scale.
If you want a more realistic picture of what Replit can actually do, it's probably useful to think of it as "a cloud development environment someone recently plugged an LLM into".
The only thing is that if the Stihl tools would automatically turn on without you turning them on and start mowing the lawn and, in the process, also mow down your pet or hurt your arm, then they are probably liable.
But replit isn’t just a coding assistant - it’s value is that it handles all the associated parts of launching a web app. It manages api secrets, hosts the app, does user authentication, etc. And its target user is “semi-technical”, you don’t even see the code it writes by default.
Creating a db and not accidentally permanently deleting it is one of the capabilities it should have.
An important devtool was blocked at one point because an agent had another AI agent code review its changes and it saw nothing wrong with an obvious bug. Whoever set up that experiment was a real genius.
> but because of spectacularly poor judgment by people who fundamentally don't understand software development or basic operational security.
> Replit has nothing to apologize for
I completely disagree. Replit is at the forefront of the "build apps with AI" movement - they actively market themselves to non-coders, and the title on their homepage is literally "Turn your ideas into apps".
So it would be bit rich of them to market these tools, which happen to fail spectacularly at inopportune times, and then blame their users for not being experienced with secure code deployment practices.
I do agree we're in a bubble, and the fundamental limitations of these kinds of tools is starting to become more apparent to the public at large (not just software engineers), but that doesn't mean that we should let those at the forefront of blowing this bubble off the hook.
Can you blame him? Listening to the latest AI slop hype on twitter and elsewhere, you’d walk away thinking that LLMs have equivalent performance to humans when it comes to coding tasks. Just because it can one shot fizzbuzz or make a recipe app. (And if you disagree, you’re a hater!)
“You’re just not doing it right. Have you tried upgrading to Claude 9000 edition/writing a novels worth of guardrails/using this obscure ‘AI FIRST’ IDE/creating a Goldberg machine of agents to check the code?”
> The fact that an AI coding assistant could "delete our production database without permission" suggests there were no meaningful guardrails, access controls, or approval workflows in place. That's not an AI problem - that's just staggering negligence and incompetence.
I mean... it's a bit of both. Yes, random user should not be able to delete your production database. However, there always needs to be a balance between guard rails and the ability to get anything done. Ultimately, _somebody_ has to be able to delete the production database. If you're saying "LLM agents are safe provided you don't give them permission to do anything at all", well, okay, but that rather limits the utility, surely? Also, "no permission to do anything at all" is tricky.
This analysis demonstrates what we call a "Fachidiot" problem in German - deep expertise in one domain coupled with troubling blindness to how that domain intersects with broader realities. The author's "just chill out" recommendation about permanent biological identifiers is about as reassuring as a nuclear physicist telling people not to worry about uranium enrichment because "it's mostly stable isotopes."
The "0.02% of your genome" framing is fundamentally misleading. Those ~640,000 SNPs aren't randomly scattered junk - they're specifically selected markers that correlate strongly with ancestry, health predispositions, pharmacogenomic responses, and familial relationships. The intelligence value isn't in raw percentage coverage but in what can be inferred from those curated data points. And you can infer an awful lot from these targeted markers.
The comparison to browsing history or social media activity is pathetically cavalier. We're talking about immutable biological data that:
- Links you to family members who never consented to participate
- Allows inference about relatives' genetic predispositions based on your data alone
- Has unknown future applications as genomic analysis capabilities advance
- Cannot be changed, deleted from your actual biology, or "opted out of" once the implications are understood
Understanding genomes doesn't automatically confer understanding of threat modeling, data permanence, or the creative ways malicious actors exploit seemingly "harmless" datasets. The recommendation treats a permanent biological identifier with the same casual attitude as a recoverable password breach.
This is exactly the kind of expert blind spot that leads to catastrophic privacy failures decades down the line.
You've nailed the pattern. And the regulatory environment actively enables it through what amounts to a pricing model for violations.
When the EPA or county eventually fines xAI for running unpermitted turbines for a year, it'll be what - a few hundred thousand? Maybe low millions if they're feeling particularly spicy? For a company chasing the AI gold rush with Musk's billions behind it, that's not a penalty - it's a rounding error. It's cheaper to violate now and pay later than to wait for permits while competitors build capacity.
And unfortunately, this isn't a bug in the regulatory system - it's the feature. When fines are pocket change relative to potential profits, "ask forgiveness not permission" becomes optimal strategy. The only things that actually change behavior are existential threats (criminal charges, shutdown orders) or catastrophic reputational damage - and Musk has proven immune to both.
Until penalties scale with company valuations or include mandatory shutdowns, this playbook will keep printing money. Memphis residents get respiratory disease, xAI gets compute capacity, and regulators get a check that wouldn't cover a week of Musk's jet fuel.
Violations should result in a government ownership stake not monetary fines. That way if you prove yourself to not follow the rules, the government has a seat inside your business with enhanced powers to follow what you are doing. It also punishes the people most likely to force a change, the ownership, by diluting their ownership/value.
The root problem here is that the regulatory environment has been (in bits and pieces over the years) set up to be a checkbox exercise for those on the inside and exclusionary toward new entrants. The rules and process of that side of things are not subject to serious oversight so they can be as exclusionary and rent-seekey as the lobbyists and the bureaucrats want, potentially preventing any new entrants.
Musk has, very rightly, realized that the punishment track is subject to far more political and public scrutiny than the approval track and that if you are doing things that people want like building cars and sending rockets into space the scrutiny will prevent them from doing anything to financially cripple your operation.
Ironically, this is playbook that's common at the complete opposite end of the economic activity spectrum where there literally isn't the money to comply. People run unlicensed businesses, do un-permitted work, violate minor regulations, etc, etc, all the time. And by the time anyone figures it out, if anyone ever figures it out, it's too late.
The article reports that xAI operated gas turbines without required permits and pollution controls for over a year. That's not a "hit piece" - it's documenting regulatory violations with thermal imaging evidence and official permit records.
If this were actually a hit piece on Musk, wouldn't his name be in the headline? Instead, it's mentioned once in paragraph four as standard journalistic context - exactly how articles about AWS mention Bezos. And yes, the affected neighborhoods are predominantly Black - that's a factual demographic statement about who bears the health burden, not "playing the race card." Environmental justice reporting routinely documents how industrial pollution disproportionately impacts minority communities.
Your logic seems to be: "Musk has done good things for the environment globally, therefore local reporting about his company's regulatory violations must be a hit piece." That's a non sequitur. Both can be true - Tesla can advance EV adoption while xAI can violate air quality regulations in Memphis. One doesn't negate the other.
The real tell here is that you're more upset about accurate reporting than about a tech company potentially exposing already-vulnerable communities to additional pollution without proper permits. Your priorities seem to be incredibly misplaced, if you ask me.
How's your Tesla Model 3 doing, by the way? Not that I'd want to imply your choice of transportation has anything to do with your incredibly unfavorable interpretation of this article and defense of Musk. But I have to wonder if your perspective would be different if this facility was in your neighborhood rather than South Memphis, or if you drove a Hyundai.
> How's your Tesla Model 3 doing, by the way? Not that I'd want to imply your choice of transportation has anything to do with your incredibly unfavorable interpretation of this article and defense of Musk.
My Model 3 is great for 3.5 years and 110,000 km. At the time I bought it I felt it was too expensive for what it offered, but as I mentioned I've been advocating against carbon for decades and this was the first electric car available in my country. I bought one of the very first to arrive.
And yes, you are implying that somehow the car I drive is influencing my defence of Musk. If you had spent a bit more time examining my post history, you would have discovered that I am a huge SpaceX fan. That would have been at least a plausible argument in favour of your position. But alas, neither does that really affect how I view the article or Musk.
> And yes, you are implying that somehow the car I drive is influencing my defence of Musk.
Of course I was. The sarcasm wasn't exactly subtle.
> But alas, neither does that really affect how I view the article or Musk.
The fact that you believe this while simultaneously demonstrating the opposite is genuinely fascinating.
You opened with "I'm no Elon fan" and then revealed you bought one of the first Teslas in your country and are a "huge SpaceX fan." That's like a Yankees season ticket holder insisting their fandom doesn't affect how they judge controversial umpire calls.
Here's what I think happened: You've spent 3.5 years and 110,000 km in that Model 3, feeling like you're part of something transformative - saving the planet, advancing humanity to Mars, whatever narrative helps justify the premium you acknowledge overpaying. When criticism emerges about Musk's companies, it doesn't just challenge a corporation - it threatens the story you tell yourself about your choices.
The overpayment actually worsens this. You can't even tell yourself, "It was just a practical decision." Instead, you've had to construct meaning around that premium - that you're supporting something bigger, something important. The sunk cost isn't just financial; it's emotional and ideological.
So when an article documents xAI operating turbines without permits in already-polluted neighborhoods, you can't engage with those facts directly. Instead, you immediately pivot to Musk's environmental legacy, as if Tesla's global impact creates some cosmic pollution credit karma system where South Memphis residents should accept respiratory disease as acceptable collateral damage for you feeling great about your reduced carbon footprint.
The most telling part? You attacked the article for mentioning two basic facts that appear in literally every single environmental justice story: who owns the company (standard disclosure) and which communities are affected (relevant demographics). You called factual reporting a "hit piece" not because it was inaccurate, but because it made the guy who bought the companies that make the car you drive and the rockets you like to see go 'whoosh' look bad.
You claim the article is biased while demonstrating textbook motivated reasoning. You weren't reading critically - you were reading defensively, scanning for any angle to discredit reporting that challenges your worldview. The "race card" accusation was particularly desperate, as if noting which communities bear pollution burdens is somehow more offensive than the pollution itself.
The real tragedy here is that you could simply say, "Tesla's environmental benefits are real AND xAI should follow permit requirements." Both can be true! But that would require acknowledging that Musk's companies can do wrong, which apparently conflicts too strongly with whatever identity you've constructed around owning a Tesla and being a "huge fan" of SpaceX.
Also, it's pretty interesting that you felt compelled to respond to the little jab about owning a Tesla but chose not to engage with any of my factual criticism. Because that's the tiny part of my comment that threatened the identity you've built up. I'd encourage you to examine that.
You claim decades of carbon advocacy, yet your first instinct was to attack accurate reporting about unpermitted emissions. What exactly is your advocacy worth when you'll throw vulnerable communities under the bus the moment it conflicts with your parasocial relationship with a billionaire (or his companies)?
The saddest part? I genuinely believe you think you're being objective here.
Happy to hear the Model 3 is treating you well, though.
I love the tragedy you just wrote. Considering what you know about yourself and what you know about me, it describes a lot more of how you see the world than how I see the world.
I just realized I don't even know what "disproportionately impacts" actually means. Disproportionate to what? Does it simply mean bigger impact or bigger-than-predicted-by-an-oracle impact? Because I'm quite sure that every bad thing on this planet impacts poor people more.
"Disproportionately impacts" means that the burden of pollution isn't randomly distributed - it's systematically concentrated in specific communities. In this case: predominantly Black neighborhoods in South Memphis already have asthma rates and cancer risks 4x the national average (per the article), and xAI added unpermitted turbines to that existing burden.
You're absolutely right that most hazards affect poor communities more. That's not a coincidence - it's the predictable result of power dynamics in zoning and enforcement decisions.
Your comment reads a bit like "water is wet, why mention it?" But most people living in clean-air zip codes have no idea their comfort of living depends on someone else's respiratory disease. They assume industrial siting is purely based on logistics or economics, not on which communities lack the political capital to fight back.
The whole point is that zoning decisions, permit enforcement, and industrial siting aren't random acts of nature. Rich neighborhoods get golf courses and poor neighborhoods get data centers with unpermitted turbines. That's not gravity - it's policy. Documenting these patterns isn't stating the obvious, it's the first step toward accountability. Because "that's just how things are" is exactly what those benefiting from the status quo want everyone to believe.
This is such transparently bad faith rhetoric it's almost impressive. You're trying to paint me as racist for pointing out systemic racial inequities. But sure, I'll bite.
You're pretending "race" and "politics" are separate categories, as if centuries of explicitly racial policy - slavery, Jim Crow, redlining, voter suppression - somehow exists outside of politics.
Black Memphis residents were systematically excluded from voting until the 1960s. Redlining prevented Black families from building wealth through homeownership. When your grandparents couldn't vote, buy homes in certain areas, or sit on zoning boards, that directly determines whether your neighborhood gets parks or pollution today.
Sometimes it helps to put concepts into a different context to understand them better, so maybe this analogy helps: When I point out that Palestinians in the West Bank can't effectively oppose settlement expansion because they're systematically excluded from political power, I'm not claiming Palestinians are racially inferior because they're "incapable of manipulating power dynamics" in their favor. I'm pointing out how systematic disenfranchisement creates predictable and unjust outcomes. And even if those barriers vanished tomorrow, Palestinians would still live with the accumulated consequences for generations.
Same principle in Memphis. Noting that unpermitted pollution affects 90% Black neighborhoods isn't claiming racial inferiority - it's documenting the predictable result of decades of deliberate exclusion from political power.
If you genuinely can't grasp how racially motivated systematic political disenfranchisement creates racial disparities, start with basic history.
I'm so glad that you touched an analogy whose framework I am familiar with.
Palestinians in the West Bank can not oppose Israeli settlement expansion for the same reasons that white New Yorkers can not oppose Indian reservations from building houses. The Palestinians have their lands on which they build their settlements (areas A and B) and the Israelis build their settlements in area C - as agreed in the mutual agreements signed in the 1990s. Note that some Palestinians also live in Israeli settlements, while no Israelis are permitted to live in the Palestinian settlements - Israelis can not even drive into area A under threat of both law and lynch. Note also that Israel's population is 20% Palestinian, and those citizens enjoy all benefits of law, court, and society as do so other Christian, Jewish, and Druze citizens of Israel.
> I'm so glad that you touched an analogy whose framework I am familiar with.
Oh, I'm delighted too. Because you actually went there and completely let the mask slip. And with such spectacular historical revisionism, you've accidentally proven my entire point about systematic disenfranchisement. Thanks.
Your "white New Yorkers can't oppose Indian reservations" analogy is so ass-backwards it belongs in a museum of colonial apologetics. Palestinians aren't the white New Yorkers here - they're the Native Americans watching settlers build on their ancestral land while being told it's a "mutual agreement." You've literally inverted colonizer and colonized to paint the occupying power as the victim. That's not just wrong; it's a perverse inversion of reality that would make Orwell weep.
But let's dissect your Oslo fiction: Area C comprises 60% of the West Bank, where Palestinians need permits (denied 98% of the time) to build homes, dig wells, or install solar panels on their own land. Meanwhile, Israeli settlements - illegal under international law - expand freely with full state infrastructure. Between 2009-2018, Israel approved 98 out of 4,422 Palestinian permit applications. That's a 2.2% approval rate. For comparison, Harvard's acceptance rate is 3.4%. It's literally easier to get into Harvard than to get permission to build a chicken coop in your own backyard if you're Palestinian. Calling this "mutual agreement" is like calling the Trail of Tears a "voluntary relocation program."
You conveniently omit that Israel controls all borders, airspace, water aquifers, electromagnetic spectrum, population registry, and movement between areas. Palestinians in Area A can't leave without Israeli permission, can't import basic goods without Israeli approval, and can't even collect rainwater without Israeli permits. The average Palestinian gets 73 liters of water per day - below the WHO's 100-liter minimum for basic dignity - while Israeli settlers luxuriate with 300 liters, filling their swimming pools while Palestinian children develop kidney problems from chronic dehydration. That's not autonomy - it's the world's most sophisticated open-air prison. But please, clutch your pearls harder about how you're oppressed because you can't vacation in Ramallah.
Your "20% Palestinian citizens with full rights" talking point? The Nation-State Law explicitly defines Israel as the nation-state of the Jewish people alone - apartheid codified in your Basic Law. The Admissions Committees Law lets 434 communities (43% of all Israeli towns) reject residents for "cultural incompatibility." Palestinian students get $8,400 per year while Jewish students get $12,000. Arab citizens own less than 4% of land despite being 20% of the population. There are ZERO Arab communities among Israel's 135 wealthiest localities. But sure, tell me more about those "equal benefits" while Bedouin villages that predate your state get demolished for the 200th time for lacking permits that are impossible to obtain.
The beautiful part is you've perfectly demonstrated my Memphis point. When I used Palestine as an example of how systematic exclusion from political power creates predictable disparities, you couldn't resist defending apartheid. You literally saw "systematic disenfranchisement" and thought "I should explain why that's actually good, actually."
So thank you, genuinely, for proving that whether it's Black families in South Memphis breathing carcinogens or Palestinian families in South Hebron rationing water, there will always be someone like you - comfortable, privileged, and utterly convinced that the boot on someone else's neck is there for their own good.
IMO, the paper commits an omission that undermines the thesis quite a bit: context window limitations are mentioned only once in passing (unless I missed something) and then completely ignored throughout the analysis of SLM suitability for agentic systems.
This is not a minor oversight - it's arguably, in my experience, the most prohibitive technical barrier to this vision. Consider the actual context requirements of modern agentic systems:
- Claude 4 Sonnet's system prompt alone is reportedly roughly 25k tokens for the behavioral instructions and instructions for tool use
- A typical coding agent needs: system instructions, tool definitions, current file context, broader context of the project it's working in. Additionally, you might also want to pull in documentation for any frameworks or API specs.
- You're already at 5-10k tokens of "meta" content before any actual work begins
Most SLM that can run on consumer hardware are capped at 32k or 128k contexts architecturally, but depending on what you consider a "common consumer electronic device" you'll never be able to make use of that window if you want inference at reasonable inference speeds. A 7b or 8b Model like DeepSeek-R1-Distill or Salesforce xLAM-2-8b would take 8GB of VRAM at Q4_K_M Quant with Q8_0 K/V cache at 128k context. IMO, that's not just simple consumer hardware in the sense of the broad computing market, it's enthusiast gaming hardware. Not to mention that performance degrades significantly before hitting those limits.
The "context rot" phenomenon is real: as the ratio of instructional/tool content to actual tasks content increases, models become increasingly confused, hallucinate non-existent tools or forget earlier context. If you have worked with these smaller models, you'll have experienced this firsthand - and big models like o3 or Claude 3.7/4 are not above that either.
Beyond context limitations, the paper's economic efficiency claims simply fall apart under system-level analysis. The authors present simplistic FLOP comparisons while ignoring critical inefficiencies:
- Retry tax: An LLM completing a complex task with 90% success rate might very well become 3 or 4 attempts at task completion for an SLM, each with full orchestration overhead
- Task decomposition overhead: Splitting a task that an LLM might be able to complete in one call into five SLM sub-tasks means 5x context setup, inter-task communication costs, and multiplicative error rates
- Infrastructure efficiency: Modern datacenters achieve PUE ratios near 1.1 with liquid cooling and >90% GPU utilization through batching. Consumer hardware? Gaming GPUS at 5-10% utilization, residential HVAC never designed for sustained compute, and 80-85% power conversion efficiency per device.
When you account for failed attempts, orchestration overhead and infrastructure efficiency, many "economical" SLM deployments likely consume more total energy than centralized LLM inference. It's telling that NVIDIA Research, with deep access to both datacenter and consumer GPU performance data, provides no actual system-level efficiency analysis.
For a paper positioning itself as a comprehensive analysis of SLM viability in agentic systems, sidestepping both context limitations and true system economics while making sweeping efficiency claims feels intellectually dishonest. Though, perhaps I shouldn't be surprised that NVIDIA Research concludes that running language models on both server and consumer hardware represents the optimal path forward.
The core vision here is something I can absolutely get on board with, but the execution fundamentally seems to misunderstand why "home-cooked software" doesn't exist.
The target audience problem is immediately apparent: they're building a product for people who can write JavaScript event handlers but somehow can't 'npx create-react-app'. This demographic is approximately twenty-seven people.
More critically, they've confused the problem space, in my opinion. The barrier to personal software isn't the lack of drag-and-drop of JavaScript environments. It's that software, unlike a meal or a home-made sweater, comes with an implicit support contract that lasts forever. When I cook dinner for friends, I'm not on the hook when they're hungry again next Tuesday. When my grandma knits a home-made sweater, she's not expected to keep supporting it in case I want to add a hood.
When the attendance counter has a race condition and the venue goes over capacity, guess who's getting the angry call when the fire marshal shows up for an inspection?
The "redistributing the means of software production" rhetoric rings particularly hollow from what appears to be a proprietary SaaS in the making. You don't democratize software by creating another walled garden. And their claim about "owning your data" while simultaneously offering real-time sync is either technically naive or deliberately misleading. How is the attendee counter example's counter state shared between users, if the data lives in local storage? I don't see how you can have both without server infrastructure that they control.
The actual nearest thing to their vision already exists and has millions of users: Spreadsheets. Non-technical people build complex, business-critical "applications" in spreadsheets every day. No JS required, local-first, and everyone already knows how to use it. But "we made a worse Excel" doesn't sound as revolutionary, I suppose.
The real unsolved problem isn't making it easier to create small apps - I build small tools for myself all the time. It's making them sustainable without creating permanent maintenance burdens. And that is not something you can solve with a new framework or SaaS - it's at it's core, a social issue.
> they're building a product for people who can write JavaScript event handlers but somehow can't 'npx create-react-app'
There's an enormous gap in complexity, required skill, etc between creating these Scrappy applications and building the whole app in React, and then getting it deployed, complete with real time syncing, authorization (as they've implemented with their "frames" and everything. It's at least an order of magnitude greater in effort.
> software, unlike a meal or a home-made sweater, comes with an implicit support contract that lasts forever
I don't think it always has to. It tends to be that way because so far, the lift to create a functioning cross-device multi user application has been high enough that the economics of it requires centralized teams of specialists to build an application for many hundreds of people.
If you lower the stakes really low to the point where the app is as serious as a spreadsheet, then compare it to spreadsheets. Almost everyone has dozens of really casual spreadsheets, many households have shared google sheets for particular, short-lived or casual or constantly changing use-cases. When you slap together a spreadsheet with your partner, you aren't making a promise about long term support and compatibility with the spreadsheet.
Or an other similar thing would just be paper and pen and tape, up on a whiteboard. All kinds of little "hand made" "applications" like this exist in households and in offices. Kanban boards are an example of this but there's and endless different kinds of "board-based physical apps" like chore charts and weekly meal plans. When someone writes on their fridge a list of chores and starts tallying who does what, that is not an eternal promise to maintain the piece of paper with chores and tally marks protocol/system.
The comments about being a SAAS, walled garden, and about the specific implementation here wrt where data's stored etc, this is just a prototype. A POC.
i'd argue that the biggest hurdle to home cooked software is finding a way to distribute/deploy it among your friends. im a backend guy and can easily make a useful li'l executable to run on my work machine. but how do i share that with people that will only use their smartphone for computing?
i either have to:
- make something browser-based, register a domain, and then pay somebody to host it. that's a lot of hoops (and unnecessary cost) just to access a little script that's just fine running locally.
- make some sort of official developer account[0] for an app store and then jump through hoops to get my app approved. this would let me make a little app that runs locally, but it's even MORE hoops to jump through and it puts you on the hook for support because it's a wide public release instead of just sharing with a couple friends.
[0] tbh, I don't know how this works. I just hear mobile devs complaining about submitting apps for review and know it can be slow and frustrating.
The easiest I can think of is making a spreadsheet. Share an Excel file over OneDrive or even a Google Sheet. The built-in features/formulas are enough for most of these use cases; if you want to go further, there's VBA (and the nightmare that comes with it - but it's less of a nightmare than paying and setting up a domain and dealing with the security of that).
I know several people who do that - non-programmers - with formulas and VBA in Excel sheets.
What makes this story even better is how it actually came about - this wasn't initially a top-down corporate initiative, but rather a passion project from a single engineer who worked on it after hours. The fact that Larian immediately recognized the value and threw their full support behind it says everything about their culture.
Swen Vincke shared the backstory:
> The story of how this came to be really is one of true passion. The Steam Deck native build was initiated by a single engineer who really wanted a smoother version of the game on Steam Deck and so he started working on it after hours. When we tried it out, we were all surprised by how good it felt and so it didn't take much to convince us to put our shoulders behind it and get it released. It's this type of pure passion for their craft that makes me fall in love with my developers over and over again. Considering myself very lucky to have people like him on my team. Try it out!
https://x.com/LarAtLarian/status/1970526548592623969
That combination of individual passion and company willingness to back good ideas is what makes Larian special.