Wikimedia should block UK access. That will get the attention of media and popularity contest politicians might change their mind.
Remember the "Repeal the Online Safety Act" petition? It has gotten over half a million signatures and the response from the government was a loud "no".
> The Government has no plans to repeal the Online Safety Act, and is working closely with Ofcom to implement the Act as quickly and effectively as possible to enable UK users to benefit from its protections.
It is frequently suggested that once one of the AI companies reaches an AGI threshold, they will take off ahead of the rest. It's interesting to note that at least so far, the trend has been the opposite: as time goes on and the models get better, the performance of the different companies gets clustered closer together. Right now GPT-5, Claude Opus, Grok 4, Gemini 2.5 Pro all seem quite good across the board (i.e. they can all basically solve moderately challenging math and coding problems).
As a user, it feels like the race has never been as close as it is now. Perhaps dumb to extrapolate, but it makes me lean more skeptical about the hard take-off / winner-take-all mental model that has been pushed.
Would be curious to hear the take of a researcher at one of these firms - do you expect the AI offerings across competitors to become more competitive and clustered over the next few years, or less so?
My deepest concern at this time isn't that AI eventually gets written down to nothing; because I don't think it will. It's that these companies are so scared of being out-competed by an AI-first competitor that they're willing to make deep sacrifices to their core businesses just to effectively virtue signal that they're AI first and unable to be out-competed.
It is deeply concerning because all things point to reality shaking out with irony. None of these big tech companies have leveraged AI to build anything remotely interesting from a product perspective. It's truly astounding how bad they are at it. Apple has nothing, Microsoft wants to put spyware on every Windows computer and builds the worst coding agent on the market despite having privileged access to every line of source code ever written, Meta put a chatbot in WhatsApp then decided paying researchers ten mil would solve their problems, Google has world-class research teams that have produced unbelievable models, without any plan at all on how those make it into their products beyond forcing a chat window into Google Drive.
Their fear is going to lose them everything. It's a fascinating inversion of the early internet problem, where companies who were unwilling to innovate got out-competed. Everyone learned that lesson and decided "we'll never be unwilling to innovate ever again"; but now their core product stable undergoes constant churn that is pissing off customers and driving competition to eat their lunch.
There is long-term, durable beauty in investing majority effort into making GitHub the single best place to host and organize code. That need is never going away. There is also necessity in ensuring it has an AI strategy in a post-AI world, no one doubts that, but it's a matter of proportion and humility. Microsoft/GitHub will never build AI products that lead the market. It's not a technology problem; it's an organizational and political one. But that's ok, because they could dominate the market with the world's best code hosting platform, an average AI strategy, and a library of integrations with the rest of the frontier world.
One of a few issues I have with groups like these, is that they often confidently and aggressively spew a set of beliefs that on their face logically follow from one another, until you realize they are built on a set of axioms that are either entirely untested or outright nonsense. This is common everywhere, but I feel especially pronounced in communities like this. It also involves quite a bit of navel gazing that makes me feel a little sick participating in.
The smartest people I have ever known have been profoundly unsure of their beliefs and what they know. I immediately become suspicious of anyone who is very certain of something, especially if they derived it on their own.
I work at Google on these systems every day (caveat: these are my own words, not my employer's). So I simultaneously can tell you that it's smart people really thinking about every facet of the problem, and I can't tell you much more than that.
However I can share this written by my colleagues! You'll find great explanations about accelerator architectures and the considerations made to make things fast.
Edit:
Another great resource to look at is the unsloth guides. These folks are incredibly good at getting deep into various models and finding optimizations, and they're very good at writing it up. Here's the Gemma 3n guide, and you'll find others as well.
This comment comes some 15 years late. Microsoft runs the biggest org on github and has open sourced a lot of their own code under permissive licenses.
IE has been dead and buried for ages. Edge doesn't have even close to the same market share and is based on Chromium.
They build more and more of their own UIs on Electron.
I honestly don't remember when they tried to snare someone to use proprietary extensions to something open. I probably have missed a few instances.
Long story short: MS isn't a saint. They are a business. And they have behaved relatively nice for so long that some young adults don't know any other side of MS now.
Perhaps it is not possible to simulate higher-level intelligence using a stochastic model for predicting text.
I am not an AI researcher, but I have friends who do work in the field, and they are not worried about LLM-based AGI because of the diminishing returns on results vs amount of training data required. Maybe this is the bottleneck.
Human intelligence is markedly different from LLMs: it requires far fewer examples to train on, and generalizes way better. Whereas LLMs tend to regurgitate solutions to solved problems, where the solutions tend to be well-published in training data.
That being said, AGI is not a necessary requirement for AI to be totally world-changing. There are possibly applications of existing AI/ML/SL technology which could be more impactful than general intelligence. Search is one example where the ability to regurgitate knowledge from many domains is desirable.
I think that just like it happened with Apple after they made it out of bankruptcy, Microsoft being the cool guys phase is slowly over.
Xamarin is no more, after the whole MAUI rewrite without backwards compatibility to Xamarin.Forms, killing VS4Mac, shortly after having rewritten the underlying Xamarin based IDE into Mac, what survives is a subset of Xamarin tech for mobile and WebAssembly workloads.
.NET is now cross platform, but only as long as it doesn't hurt VS sales, with GUI workloads, profilers, still being mostly Windows only, and partially supported on VSCode, which also has the same VS license.
A proper cross platform IDE experience requires getting Rider.
Then there is the issue they seem to be shooting into all directions, with GUI frameworks, Web, Blazor, Aspire, to see what sticks.
Github even with the previous CEO was already a delivery mechanism for Azure and AI efforts, now it will be full steam ahead, as per new org chart.
VC++ after beating other compilers in C++20 support, seems to have lost its resources struggling to deliver C++23, and also probably affected by the Secure Future Initiative, and decisions for safer languages.
But hey 4 trillion valuation, so from shareholders point of view, everything is going great.
“the plans and the demolition orders have been on display at the local planning office on Alpha Centauri for fifty of your Earth years. If you can't be bothered to take an interest in local affairs...”
> The government told the BBC it welcomed the High Court's judgment, "which will help us continue our work implementing the Online Safety Act to create a safer online world for everyone".
Demonstrably false. It creates a safer online world for some.
> In particular the foundation is concerned the extra duties required - if Wikipedia was classed as Category 1 - would mean it would have to verify the identity of its contributors, undermining their privacy and safety.
Some of the articles, which contain factual information, are damning for the UK government. It lists, for example, political scandals [1] [2]. Or information regarding hot topics such as immigration [3], information that the UK government want to strictly control (abstracting away from whether this is rightfully or wrongfully).
I can tell you what will (and has already) happened as a result:
1. People will use VPNs and any other available methods to avoid restrictions placed on them.
2. The next government will take great delight in removing this law as an easy win.
3. The likelihood of a British constitution is increasing, which would somewhat bind future parliaments.
GPT-5 non-thinking is labeled 52.8% accuracy, but o3 is shown as a much shorter bar, yet it's labeled 69.1%. And 4o is an identical bar to o3, but it's labeled 30.8%...
Awesome. I remember much earlier in my career I was working on a 3D turn-by-turn navigation software, and one of my tasks was to draw the sky in the background. The more senior guy on the team said, just draw a blue rectangle during the day and a dark gray one at night and call it job done. Of course, I had to do it the hard way, so I looked up the relevant literature on sky rendering based on the environment, latitude, longitude, time of day and so on, which at the time was Preetham[1] ("A Practical Analytic Model for Daylight"), and built a fully realistic sky model for the software. I even added prominent stars based on a hard-coded ephemeris table. It was quite fast, too.
Well, the higher ups of course hated it, they were confused as to why the horizon would get hazy, yellowish, and so on. "Our competitors' skies are blue!" They didn't like "Use your eyes and look outside" as an answer.
Eventually, I was told to scrap it and just draw a blue rectangle :(
Reading through the comments under this thread, there are many users who swear by a plain text file, but who then build quite a lot of snowflake software to regain functionality offered by more structured TODO applications. That includes:
- having your computer alert you to things that come up
- being able to tag notes
- being able to add events to a calendar
- being able to set priority of tasks
- expecting prioritized/currently relevant tasks to be at the top of the agenda
- being able to add recurring tasks
- full-text search (grepping)
- formatting features (markdown)
Some of the laborious (or, in my opinion, plain unholy) solutions include:
- feeding TODOs to an LLM to filter for the currently relevant ones and send Telegram notifications
- hand-copying currently relevant tasks to the top of the TODO list
- running a script on a VPS to sync notifications
- set up cron job with git commit
- writing post-it notes by hand
I would encourage everyone to try out emacs with org-mode. It takes some time to get used to the editor and its keybindings (though provisions exist for vim users), but _every_ item on the list above is handled out of the box, or is offered through a free and maintained plugin.
The author of the OP claims to have tried _every_ todo app, and has afterwards moved (regressed?) to writing notes in a plain text file, but there is a path extending from this point that the author has not walked yet. I strongly suggest that, especially for people with a computing or technical background, it is an undisputed upgrade. https://doc.norang.ca/org-mode.html being the bible, of course.
Please also fight mandatory age verification with prison sentences. The European Parliament has already voted in favor of a law that mandates age verification for pornography with a one year prison sentence. It was included as a last minute amendment into this bill [1]. See "Amendment 186". It has been completely missed by news organizations and even interest groups.
The full accepted article reads: "Disseminating pornographic content online without putting in place robust and effective age verification tools to effectively prevent children from accessing pornographic content online shall be punishable by a maximum term of imprisonment of at least 1 year."
It's not law yet, as the first reading is now sent back to the Council of the European Union, but I don't think it's very likely it will get a second reading.
Enterprise customers, remember to email your sales rep and ask for them to report on their contracted uptime with you that you are allowed to do as per contract.
They won't do this unless you ask, hoping you don't notice the outages.
It creates lots of internal pain - they have no automation internally for reporting on this.
This is the only way anything will ever change. GitHub is _easily_ the most unreliable SaaS product. There's not a week whereby we aren't affected by an outage. Their reputation is mud.
This is a genre of article I find particularly annoying. Instead of writing an essay on why he personally thinks GPT-5 is bad based on his own analysis, the author just gathers up a bunch of social media reactions and tells us about them, characterizing every criticism as “devastating” or a “slam”, and then hopes that the combined weight of these overtorqued summaries will convince us to see things his way.
It’s both too slanted to be journalism, but not original enough to be analysis.
What this shows to me, as someone who has committed some of the unholy crimes above, is that people want their system, however esoteric, to come naturally to them.
I think reading docs, understanding a new system which someone else has designed, and fitting one's brain into _their_ organisational structure is the hard part. Harder than designing one's own system. It's the reason many don't stick with an off-the-shelf app. Including Org mode.
> But if you want an existence proof: Maven. The Java library ecosystem has been going strong for 20 years, and during that time not once have we needed a lockfile. And we are pulling hundreds of libraries just to log two lines of text, so it is actively used at scale.
Do not pretend, for even half a second, that dependency resolution is not hell in maven (though I do like that packages are namespaced by creators, npm shoulda stolen that).
I love this article just for the spirit of fun and experimentation on display. Setting up a VPS where Claude is just asked to go nuts - to the point where you're building a little script to keep Claude humming away - is a really fun idea.
This sort of thing is a great demonstration of why I remain excited about AI in spite of all the hype and anti-hype. It's just fun to mess with these tools, to let them get friction out of your way. It's a revival of the feelings I had when I first started coding: "wow, I really can do anything if I can just figure out how."
The problems of Passkeys are more nuanced than just losing access when a device is lost (which actually doesn't need to happen depending on your setup). The biggest problem is attestations, which let services block users who use tools that give them more freedom. Passkeys, or more generally challenge-response protocols, could easily have been an amazing replacement for passwords and a win-win for everyone. Unfortunately, the reality of how they've been designed is that they will mainly serve to further cement the primacy of BigTech and take away user freedom.
Non-power-of-2 sizes are awkward from a hardware perspective. A lot of designs for e.g. optimized multipliers depend on the operands being divisible into halves; that doesn't work with units of 9 bits. It's also nice to be able to describe a bit position using a fixed number of bits (e.g. 0-7 in 3 bits, 0-31 in 5 bits, 0-63 in 6 bits), e.g. to represent a number of bitwise shift operations, or to select a bit from a byte; this also falls apart with 9, where you'd have to use four bits and have a bunch of invalid values.
The law was passed by the previous government and everyone assumed the next government would take great delight in reversing it.
I wouldn’t be so sure that any next government (which, by the way, there is still a non zero chance could be Labour) will necessarily reverse this. Maybe Reform would tweak the topics, but I’m not convinced any party can be totally trusted to reverse this.
One of the most interesting things about this legislation is where it comes from.
Primarily it was drafted and lobbied for by William Perrin OBE and Prof Lorna Woods at Carnegie UK[1], billed as an “independent foundation”.
William Perrin is also the founder of Ofcom. So he’s been using the foundation’s money to lobby for the expansion of his unelected quango.
It has also been suggested that one of the largest beneficiaries of this law, an age verification company called Yoti, also has financial ties to Carnegie UK.
It’s difficult to verify that because Yoti is privately held and its backers are secret.
It’s not as if anyone was surprised that teenagers can get round age blocks in seconds so there’s something going on and it stinks.
> If Ofcom permissibly determines that Wikipedia is a Category 1 service, and if the practical effect of that is that Wikipedia cannot continue to operate, the Secretary of State may be obliged to consider whether to amend the regulations or to exempt categories of service from the Act. In doing so, he would have to act compatibly with the Convention. Any failure to do so could also be subject to further challenge. Such a challenge would not be prevented by the outcome of this claim.
Basically, DENIED, DENIED, DENIED. Ofcom can keep the loaded gun pointed in Wikipedia's face, forever, and make as many threats as it likes. Only if it pulls the trigger does Wikipedia have a case.
Wikipedia should voluntarily remove itself from the UK entirely. No visitors, no editors.
1) User goes to BAD website and signs up.
2) BAD website says “We’ve sent you an email, please enter the 6-digit code! The email will come from GOOD, as they are our sign-in partner.”
3) BAD’s bots start a “Sign in with email one-time code” flow on the GOOD website using the user’s email.
4) GOOD sends a one-time login code email to the user’s email address.
5) The user is very likely to trust this email, because it’s from GOOD, and why would GOOD send it if it’s not a proper login?
6) User enters code into BAD’s website.
7) BAD uses code to log in to GOOD’s website as the user. BAD now has full access to the user’s GOOD account.
This is why “email me a one-time code” is one of the worst authentication flows for phishing. It’s just so hard to stop users from making this mistake.
“Click a link in the email” is a tiny bit better because it takes the user straight to the GOOD website, and passing that link to BAD is more tedious and therefore more suspicious. However, if some popular email service suddenly decides your login emails or the login link within should be blocked, then suddenly many of your users cannot log in.
Passkeys is the way to go. Password manager support for passkeys is getting really good. And I assure you, all passkeys being lost when a user loses their phone is far, far better than what’s been happening with passwords. I’d rather granny needs to visit the bank to get access to her account again, than someone phishes her and steals all her money.
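An added example, not part of the comment above: the binding checks a relying party (GOOD) runs on a passkey assertion, which is why the relay that works for an emailed code fails here. The host names `good.example` and `bad.example`, the function names and the `simulated_assertion` helper are assumptions; signature verification is omitted, but in WebAuthn the signature covers `authenticatorData` and the hash of `clientDataJSON`, so the relaying site cannot rewrite these fields.

```python
import base64
import hashlib
import hmac
import json
import struct

RP_ID = "good.example"                    # assumed relying-party ID of GOOD
EXPECTED_ORIGIN = "https://good.example"  # assumed origin of GOOD's login page


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_binding(client_data_json: bytes, authenticator_data: bytes,
                            issued_challenge: bytes) -> list:
    """Return the reasons to reject; an empty list means the binding checks pass."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON is not valid JSON"]
    if not isinstance(client, dict):
        return ["clientDataJSON is not an object"]
    problems = []
    if client.get("type") != "webauthn.get":
        problems.append("type is not webauthn.get")
    got = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(issued_challenge).encode()):
        problems.append("challenge mismatch")
    # The browser, not the page's script, fills in the origin it is showing.
    if client.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin mismatch: %r" % client.get("origin"))
    if len(authenticator_data) < 37:  # rpIdHash(32) + flags(1) + signCount(4)
        problems.append("authenticatorData too short")
        return problems
    if not hmac.compare_digest(authenticator_data[:32],
                               hashlib.sha256(RP_ID.encode()).digest()):
        problems.append("rpIdHash mismatch")
    if not authenticator_data[32] & 0x01:
        problems.append("user-present flag not set")
    return problems


def simulated_assertion(page_origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what a browser and authenticator emit on a page."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + struct.pack(">I", 7)
    return client_data, auth_data


if __name__ == "__main__":
    challenge = b"constructed-challenge-from-GOOD"
    # Normal login on GOOD's own page.
    print(check_assertion_binding(
        *simulated_assertion("https://good.example", "good.example", challenge), challenge))
    # Relay: BAD's bot fetched GOOD's challenge, but the user is on BAD's page,
    # and a browser only allows an rpId that matches the page's own domain.
    print(check_assertion_binding(
        *simulated_assertion("https://bad.example", "bad.example", challenge), challenge))
```
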