Hacker News | codemog's comments

And the Kimi team broke the Anthropic ToS by training off Opus outputs and… nothing happened?

Nobody cares, nor should they. Anthropic broke nearly every ToS of every website that they scraped data from. The AI robber barons just want to monopolize intellectual property violations, and I'm gonna cheer on any robin hoods that take it back from them.

Are you kidding me? Who’s going to align synergy and hold accountable KPIs and vision plan the 3rd quarter and.. and.. other MBA talk. Certainly AI could never.

large language models are great at language tasks like "bullshittify this message"

I'm noticing one major early effect of them is making extensive, visually consistent, very impressive slide decks accessible to individual workers who need to actually do real work and wouldn't ordinarily have time to make those.

The result is an explosion of pretty bullshit-heavy documents flying around our org, which management loves but which is definitely, so far, net-harmful to productivity.

This comes out if you start asking questions about the documents. "Which of a couple reasonable senses of [term] do you mean, here?" they'll stumble because that was just something the LLM pulled out of the probability-cluster they'd steered it to and they left in because it seemed right-ish, not because they'd actually thought about it and put it there on purpose. They're basically reading it for the first time right alongside you, LOL. Wonderful. So LLM. Much productivity. Wow.

Anyway, since a lot of what managers and execs do is making those kinds of diagrams and tables and such in slide decks, and their own self-marketing within the company is heavily tied to those, I expect they see this great aid to selfishly productive but company un-productive activity as a sign these things will be at least as big a boon to real work. Probably why they still haven't figured out how wrong that is. I suppose they're gonna need a real kick in the ass before they figure out that being good at squeezing their couple novel elements into a big, pretty, standardized, custom-styled but standards-conforming diagram padded out with statistical-likelihoods doesn't translate to being similarly good at everything.


Jail time for execs. Only way things change.

Just update the codebase, much easier, 10 minutes.

That entirely ignores and excuses the chain of decisions that led to this problem. Removing it from the codebase today does nothing to dissuade them from doing something similar tomorrow.

That's why webXray (https://webxray.ai) has perfected forensic privacy auditing - we catch every code change that has visible traces. I'll catch the same thing any way you do it - cookies, local storage, js obfuscated network payloads...no sweat. I'll go all day long.

A lot of this advice is good or at least interesting. A lot of it is questionable. Python is completely fine for the backend. And using SQLite for your prod database is a bad idea, just use Postgres or similar.

There’s a lot to be said about his approach with go for simplicity. Python needs virtual environments, package managers, dependencies on disk, a wsgi/asgi server to run forked copies of the server, and all of that uses 4x-20x the ram usage of go. Docker usually gets involved around here and before you know it you’re neck deep in helm charts and cursing CNI configs in an EKS cluster.

The go equivalent of just copying one file across to a server and restarting its process has a lot of appeal and clearly works well for him.


Yes. It strikes me as odd how many people will put forward Python with the argument of "simplicity".

It is not. Simple. It may be "easy" but easy != simple (simple is hard, I tend to say).

I'm currently involved in a project that was initially laid out as microservices in rust and some go, to slowly replace a monolith Django monstrosity of 12+ years tech debt.

But the new hires are pushing back and re-introducing python, with that argument of simplicity. Sure, python is much easier than a rust equivalent. Esp in early phases. But to me, 25+ years developer/engineer, yet new to python, it's unbelievably complex. Yes, uv solves some. As does ty and ruff. But, my goodness, what a mess to set up simple ci pipelines, a local development machine (that doesn't break my OS or other software on that machine). Hell, even the dockerfiles are magnitudes more complex than most others I've encountered.


I am not following the difficulties you have mentioned. Setting up a local dev environment in Python is trivial with UV.

The only major downside of Python is it's got a bit of a poor module system and nothing as seamless as Cargo.

Beyond that the code is a million times easier to understand for a web app.


Again, "easy" is not the same as "simple".

"trivial" falls in the "easy" category. So it may not be hard to do. But what UV makes "easy" is managing something very complex under the hood.

Better example:

    FROM python:3.9-slim
    WORKDIR /app
    COPY requirements.txt .
    RUN pip install -r requirements.txt
    COPY . .
    CMD ["python", "app.py"]

While "easy" it is nowhere near simple. Aside from the entire complexity of the stack of docker, that `python:3.9-slim` is itself very complex. It installs over 20 "dev" packages (from bluetooth via tk to xz), it downloads source files, builds a python runtime, (patches that?), installs pip, setuptools, does some (to python people probably familiar?) "wheel" stuff, etc¹. Point being: what you end up with, while easy to get, is very complex.

uv manages a runtime, some virtual environment to hot-swap that with other runtimes, it hooks into a package manager, manages additional tools (linter, typechecker, lsp, etc) and so on. What lies under that is very complex.

¹ I am well aware that node, ruby, php are quite similar.


Python will take you a long way, but its ceiling (both typical and absolute) is far lower than the likes of Go and Rust. For typical implementations, the difference may be a factor of ten. For careful implementations (of both), it can be a lot more than that.

Does the difference matter? You must decide that.

As for your dismissing SQLite: please justify why it’s a bad idea. Because I strongly disagree.


What a load of nonsense.

Why is it nonsense? Sounds reasonable to me.

> its ceiling (both typical and absolute) is far lower

If you plan on remaining smaller than Instagram, the ceiling is comfortably above you.


There are a myriad middle states in-between "frupid" (so frugal that it's stupid) and "Instagram scale".

Python requires much more hand-holding that many don't want to do for good reasons (I prefer to work on the product unimpeded and not feeling pride having the knowledge to babysit obsolete stacks carried by university nostalgia).

With Go, Rust, Zig, and a few others -- it's a single binary.

In this same HN thread another person said it better than me: https://news.ycombinator.com/item?id=47737151


This is a post about keeping your infrastructure simple, so Instagram is not a good ceiling to pick. People do all kinds of hacks to scale Python before they hit Instagram levels

I plan to remain smaller than two VMs

The context was explicitly single machine.

Why is SQLite bad for production database?

Yes, it has some things that behave differently than PostgreSQL but I am curious about why you think that.


For read only it can be a great option. But even then I would choose D1 which has an amazing free tier and is sqlite under da hood.

But then you don't get the benefits of having the DB locally, with in-process access.

It's local to the worker? I don't understand what you mean.

Unless your Cloudflare worker and the DB are scheduled onto the same physical server, they are not local to one another. I don’t know much about D1, but the overwhelming majority of cloud infra makes no such guarantees, nor are they likely to want to architect it in that manner.

Cloudflare's Durable Objects puts your Worker and SQLite DB on the same physical server (and lets you easily spawn millions of these pairs around the world).

D1 is a simplified wrapper around DO, but D1 does not put your DB on the same machine. You need to use DO directly to get local DBs.

https://developers.cloudflare.com/durable-objects/

(I am the lead engineer for Cloudflare Workers.)


Very cool, thanks for the response!

I think the point is that your Python webapp will have more problems scaling to let's say 10,000 customers on a 5$ VPS than Go. Of course you can always get beefier servers, but then that adds up for every project

At 10,000 paying customers I don't think it is frivolous to move to a 10/month vps, or maybe a second 5/month one for fail-over.

I love the small few who take the time to do crazy stuff like this. Very entertaining.

Stupid regulations are why we have an idiotic cookie banner on many websites.

No, that's malicious compliance. If the owners of those websites would just stop ignoring visitors' right to privacy they wouldn't be showing those banners (yes, I know the website of the EU also has such a banner, lazy devs are lazy).

I would guess OpenAI Codex and Claude Code are well into the millions subscriber range at this point. I would venture to guess the majority of them run in yolo mode. I have only seen a few horror stories on reddit. The same way any time you drive a car you can crash and die (many times through no fault of your own).

All that said, no way in hell I’m giving either access to production databases or environments.


I have heard of more than a few horror stories including filesystems lost and force pushes done.

These tools have only been in use for a short time and the current harnesses/system prompts are quite limited. Claude code is mostly limited to your codebase where you have version control. Excel is different.

I foresee that once people hand over more power to full agents there will be some nasty surprises. I'm sure there will eventually be demand for some kind of limits.


Think it’s still wise to containerize it somehow just so that it can’t nuke anything.

Being worried about escape from isolation etc in a personal dev context seems like overkill though.


Yeah, I was thinking about simonw's lethal trifecta[0] and how to solve it and my conclusion was "you cannot", i.e. you just accept a certain level of risks for the rewards it offers.

The "agent never sees keys" approach prevents key exfiltration, but it doesn't prevent the agent from nuking what it has access to, nor prevent data exfiltration.

The best advice I heard to protect against prompt injection was "just use Opus" ( ... which was great advice before they lobotomized it ;)

But even without injection, most of the horror stories are from random error, or the AI trying to be helpful (e.g. stealing your keys or working around security restrictions, because they trained it to really want to complete a task.[1])

tl;dr yolo

[0] https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

[1] https://www.reddit.com/r/ClaudeAI/comments/1r186gl/my_agent_...


Codex 5.4 medium couldn’t figure out how to run tests in my staging Cloudflare so it went ahead and ran those tests against prod. Mission accomplished.

Yes, agents.md yells not to mess with prod.


> Yes, agents.md yells not to mess with prod.

Probably what nudged it to run on prod in the first place


This cope is insane. Even simple projects generated by Claude are riddled with bugs. And there’s no way in hell it could generate a larger scoped project without a lot of manual human intervention. But yea, TODO apps and trivial calculators are effectively “solved”. Same with leetcode. I guess that’s probably the limit of many people’s imagination these days.

Author mentions working on product people hate, GitHub Copilot. Honestly it ain’t too bad. Definitely better than a lot of “enterprise” software.


Don’t work for evil companies.


I tried to do this out of undergrad (graduated last year). Many companies do both good and bad things to me, some more good than bad. The "best of the best" companies to me require many years of experience and are still competitive. I didn't really want an entry level job at an "evil" company, so I'm going to go do a PhD (in something unrelated to my original interest in operating systems, as I don't want to be a 30k/yr automaton part of Meta's R&D machine).

My point is: it's very, very, very hard to do this, especially with my set of interests (lots of OS work is in the datacenter, which leads to jobs with hyperscalers; I consider many of those companies evil). I'm trying. It will probably make my QoL worse for some time, and I'll probably give up eventually.

Also, evil is undefined in some sense. Is it wrong to do something "good" at a company that has an "evil" aspect?


> My point is: it's very, very, very hard to do this, especially with my set of interests

It is very, very, very hard because you're making it hard by insisting on finding a strong intersection with your set of interests.

Half the jobs I've had aligned well with my interests. They were also in the lower half of jobs I liked. The best jobs I've had were the boring ones. It turns out, there's a lot more to jobs than just what you work on.

The most important thing is to keep a roof over your head. Next is saving for retirement. And then there are things like work environment, the people you work with, team dynamics, the actual technical work, etc.

I've found that the most intellectually fun/challenging work was usually coupled with the most dysfunctional teams. It's likely just a coincidence, but it was a good lesson that other things matter at least as much.


Yes. I work at boring companies that are not evil instead. Never went to my local magnate (Comcast), left a company when they off/onshored entire teams to HCL slaves, etc.

No, I won't make 350K as a dev. Yes, I will have a paltry middle class existence while we still have a profession called IT.


I used to work on software for non-profits. I found it fulfilling but it was hard to do the work since I found fullstack technically uninteresting (this is my own shortcoming).

Finding a balance in that is difficult. I have seen that it might be easier to find a societally good job the less technically deep the job gets. Networking research seems to be both technically interesting and connected to societal impact (e.g. because of the ties to censorship, security, net neutrality etc).

It seems hard to continue doing this sort of research after your PhD though, as in both your school name matters immensely (i.e. you're screwed if you didn't go to Berkeley, CMU, Stanford, or MIT) and so does your publishing success to land a research job, which seems like an enormous task.


I honestly think it is bad for you to be that morally insistent against "evil" companies.

I also think it's not as easy as most people make it. It's not the poor and innocent people that are oppressed by all these evil companies. These companies are just a reflection of the people and the society we live in.


> I honestly think it is bad for you to be that morally insistent against "evil" companies.

Why is that? I broadly agree with the idea that even "evil" companies have parts that do good things or neutral things, but I am curious about your rationale.


The key to not working for evil companies is to have more choice in who you do work for, which involves living way below your means so that you can save inordinate amounts of income and "retire" early - which is just code for "do the work I want to do for those I want to work for".


So exactly what for profit company is on the side of the angels?


Many of the startups I work with. We’re helping save the oceans and land. Purpose and profit are dream scenarios for me. It’s difficult in a capitalist economy but it exists.


Are those startups self funded or funded by VCs? If they are funded by VCs, it doesn’t matter what your company wants.


Sometimes the lesser evil is truly a lesser evil.


Why stick with for-profit companies? But on measure I'd say System76, n8n, Nextcloud, GridX, Odoo, Tuxedo, GitLab, Uplight, Aurora Solar, Bandcamp (maybe), Bitwarden, Canonical (maybe), Scribd, Arcadia, Wikihow. Basically any time you find yourself enjoying a product you're using, see who made it and if they're hiring.

Sure it's an uphill battle. This is late-stage capitalism after all and unless you're comfortable with a role that extracts from people who weren't planning on being extracted from, you're not going to make a ton of money. That's what it takes to be on the side of the angels though.


I'm not unemployed right now, but in the past have applied to literally every one of those companies and been declined from every one of those companies.

It's hard to find jobs at companies that aren't run by monsters; even if you can identify a company that isn't terrible, there's still a relatively low likelihood of getting a job there.

I'm not blaming the companies for not hiring me, I'm sure they have their reasons for their terrible decision of passing up on someone as handsome and smart as me [1], and I am certainly not entitled to a job, but when I run out of companies that seem ethical, what do you do then?

It's easy to say "well start your own company!", and sure if you have the ability to do that then that's great, but I don't even really know where to begin with finding investors for stuff I'm working on, and I'm not sure that anything I'm working on would be interesting to investors anyway.

[1] It's true, my mom told me!


Haha I built that list almost entirely from companies that rejected me so I hear you.


Because for profits have the most employment opportunities? All of the companies named in replies to my initial comment hire a minuscule number of people.


If you're looking to scale, then you're looking for companies that scale, and if you're looking for companies that scale, you're not looking for angels. I used to think Cloudflare was an exception to this belief but today I'm not so sure.


Wait what's wrong with Cloudflare?


https://www.theregister.com/2026/01/12/cloudflare_vs_italy/

Definitely my bias here so take it with a grain of salt. I still use cloudflare and I'd probably still work for them.


GitLab is for profit, isn't it?


I tried to focus on for-profit, but I'm just saying there's nothing wrong with non-profits either. In fact I don't think I consciously mentioned a non-profit but I might have.


your local food bank only has so many open positions


The more people who believe this, the easier it is for me to find a job at a place I respect, so thank you.


Ideally it would be "don't buy from Oracle", but we don't get to affect those decisions.


Ironically this would just fuel more layoffs.


Counterpoint, work for companies that pay a lot regardless of good/evil. I worked for an evil company and got paid an insane amount. Got laid off. Am now happily retired in my early 40s.


Yeah, who cares about morals, right? I'm sure Palantir is hiring.

They'll kill people regardless, so might as well get paid for it!


It's very very hard to do this because any public company will be evil in the name of 'shareholder value' EVERY.SINGLE.TIME.


The right thing to be said here. Oracle is trash. Would you expect rude idiots to be nice smart people all of a sudden?


List successful companies you would not define as evil.


37signals, vanguard, costco, proton, fastmail, mullvad vpn, framework, automattic, valve, patagonia, lego, linear, hetzner, tarsnap, ...


Valve has been making money hand over fist by getting kids addicted to gambling…


The snowball of government intervention has started rolling on them.


There are those who attribute evil to Lego, and they may have a case (historically or now).

Automattic has apparently gone insane, but that's not the same as evil.

Valve might be the closest to a HN-agree on "good company" - and even that has a comment below mine attributing gambling to them.


Ok, and when you apply for and get rejected from all those companies, what do you do then? Suppose you give me a list of literally every company you think is ok, and I were declined by all of them, then what?

This isn't a theoretical question for me. I've applied to and been declined from all the companies you listed (except tarsnap because I didn't see a careers page). What exactly do I do then? Do I then just decide that food is overrated and be content with not having a paycheck?


Create your own company.


Ok, great. Let's say I agree that that's a good response. I would still likely need investor money, which I don't even know how to get but even if I did then I have a similar problem of having to make sure that I only have ethical investors. I'm not saying that they don't exist but I'm not exactly fond of the big institutional VC firms.

Let's not also forget that most companies go broke, and realistically most of us don't have any ideas that are likely to make a sustainable business.

I'm not saying that you shouldn't try and find an ethical place to work for or start a business, I'm just saying that it's not as easy as "just apply to places that don't suck".


Valve takes 30% of revenue from developers because they have cornered the distribution market. Their margins on the steam store are probably second only to the apple store's, another heinously immoral product.


If everybody does it wrong and you know the right way - sounds like you’re sitting on a million dollar idea.


Consumers have no incentive to switch because they don’t care that devs are being taken advantage of, that’s what makes the scheme evil.


"You either die a hero, or you live long enough to see yourself become the villain"

It is only a matter of time...


People can’t wait to make heroes villains.


Just starting with "Not totally abhorrent and aiding the destruction of democracy in the US" would be fine.

Instead of working for Zuck or Google or Larry, you can work for Garmin, Shopify, Visa and Mastercard, most banks (they are soulless but some aren't always evil), grocery chains, pretty much any local business, car companies, non-weapon or surveillance based government work, IDEXX, hell even Apple imo and I dislike Apple, nearly every business that isn't "Tech"

Basically just stop pretending that the industry is only Google, Facebook, AWS, Microsoft, and Oracle. There's something like millions of jobs that aren't in those companies.


Costco maybe?


Pine64. ("Successful" doesn't have to mean "a megacorp".)


> Don’t work for evil companies.

I'm certainly not a fan of Oracle (or the wider scale damage the Ellisons have been doing), but I also can't bring myself to be so flippant when an action this large is going to cause untold amounts of personal tragedies.

See, for example:

https://www.reddit.com/r/employeesOfOracle/comments/1s8m58p/...

Today this unfortunate guy, tomorrow perhaps me.


Easier said than done. Most of us end up working for monsters if you go high enough up on the ladder.

I'm certainly not saying that you shouldn't have boundaries; there are certain companies that I will absolutely not work for no matter what they pay me (e.g. Palantir). I'm just saying that if you draw the line at "don't work for bad company", it's going to be hard to pay your bills since due to the lovely world of capitalism the people on top are usually sociopaths.

To be clear, I do agree broadly; if you can find a company that has decent people running it and doesn't appear to be evil to you, you should probably work for that company. The problem is that the job market is very competitive and you often have to take what you can get.

I'm in a privileged position to where I can be a little choosy with my work (for now!), but I can't really judge someone who has a family to take care of for doing what they need to to pay the bills.

