Hacker News | mlinsey's comments

I'm pretty optimistic that not only does this clean up a lot of vulns in old code, but applying this level of scrutiny becomes a mandatory part of the vibecoding-toolchain.

The biggest issue is legacy systems that are difficult to patch in practice.


I could see some of these corps now being able to issue more patches for old versions of software if they don't have to redirect their key devs onto prior code (which devs hate). As you say though, in practice it is hard to get those patches onto older devices.

I'm looking at you, Android phone makers with 18 months of updates.


Yeah but who pays the enormous cost?

obviously the people responsible for the software. Would you rather anthropic kept the vulns quiet?

Of course not, but there is infinitely more vulnerable software escaping Anthropic's scrutiny. And when AI-powered discovery becomes a necessity, that will lead to concentration of power to these kinds of companies.

Bruce Schneier made a comprehensive analysis of the pros and cons and forces at play for adversary and defenders [1].

I think it's safe to predict yet more money previously directed to us techies will find its way to the Anthropics of this world.

[1] https://www.schneier.com/blog/archives/2026/04/cybersecurity...


I imagine that some levels of patching would be improving as well, even as a separate endeavor. This is not to say that legacy systems could be completely rewritten.

Wait. Wasn't AI supposed to alleviate the burden of legacy code?!

If we have the source and it's easy to test, validate, and deploy an update - AI should make those easier to update.

I am thinking of situations where one of those isn't true - where testing a proposed update is expensive or complicated, that are in systems that are hard to physically push updates to (think embedded systems), etc.


Legacy code, not the running systems powered by legacy code

If you’re still an AI skeptic at this point, I don’t know what sort of advancement could convince you that this is happening.

I feel like every new iteration of ways to find good content online: webrings, blogrolls, user upvoting/downvoting, giving everyone their own microblog to share interesting links, ML to learn your own preferences by your behavior - they all worked really well at first, but then eroded significantly once people figured out how to game them.

The economic incentive is overwhelming to corrupt these signals, either directly (link sharing schemes, upvote rings, bots to like your content) or indirectly (shaping your content itself to have the shape of what will be promoted, regardless of its quality).

What you almost want is to use any of these ideas and hope for it to catch on widely enough in your small niche to be useful, but not so much that it becomes an optimization target.


Smolnet might be the answer. There really isn't a feasible mechanism for monetizing it. At worst, you could have some text ad embedded. No images. Minimal semantic markup (links, lists, quotes, code, generic text) in the case of gemini/gemtext.

It's CNBC for Silicon Valley - a combination of good background noise, a broad survey of what people are talking about around the valley, and occasionally really great interviews.

They get a lot of guests to do interviews that they wouldn't do elsewhere, in part because they are unabashedly and unapologetically cheerleaders - pro-tech, pro-VC, pro-startup, pro-Big-Tech, etc. They don't grill you like an old-school journalist would about whatever the latest political controversy is, they ring a giant gong when their guest brings up a cool traction or fundraising number.

I would never use it as my only source of news for what's going on in tech, but with a lot of other tech journalism covering the downsides or problems with the industry, there is definitely a niche for them.


Just based on the number of very prominent guests they get to do interviews, they clearly have a lot of viewers in influential tech/vc circles, even if their total audience size isn’t huge.

That's true, but a lot of these people are also competitors. I can't imagine it'll be attractive going to the OpenAI media channel to talk about Gemini or Grok.

An AI company owning a major tech podcast?

Wow, what’s next?

Ecommerce giants owning major newspapers? An aerospace company owning a microblogging platform? Startup accelerators owning tech news aggregators?


If the vast majority of CEOs in this industry are to be believed, any company that achieves "AGI" will be undefeatable, their model improvements and research findings impossible to catch up to. Why risk that being Anthropic, Moonshot or any other competitor to OpenAI by spending your money on this?

The few months/years before "Everyone dies", wouldn't OpenAI want to be the "Anyone" that "build it" and is in control during that time? Unless, of course, OpenAI does not actually believe in that being a possibility, as suspected when they were working on social media...


I admit I'm surprised by the move, from a company that reportedly just talked about how they need to focus more on fewer, more strategic products.

But I also see the potential value. This is an entertaining and highly influential podcast, a lot of top VCs and founders watch it; it definitely punches well above its audience KPIs in strategic value. I've seen many interviews or op-eds on the platform pretty clearly shape the startup discourse on X.

I also think it should run mostly autonomously, it'll only be as much of a distraction for OpenAI execs as they want it to be.

OpenAI just raised $122 billion (including future commitments), so whatever the purchase price was (we have no idea) is not going to even be a rounding error on their financial resources or their ability to pay their datacenter bills.


This is some insane delusion.

Focus on building a great product and you win. All this other stuff is noise.


states should remove the "purpose" field of incorporation statutes, it's too antiquated now and for half a century

Shouldn't OpenAI be focused on becoming profitable and surviving the next 2 years instead of buying podcast toys?

Robinhood did the exact same thing, it's more for marketing reach and distribution stuff. Wouldn't be surprised if in a few years they let it go or spin it down, just paying for a funnel/some narrative control

AI will eat all Media, all of it.

Wait a second...

Is TBPN really considered "major" (seeing as most of the comments I've seen are how no one's heard of them before) or are you just being sarcastic?

YouTube had an estimated $40 billion in ad revenue in 2025: https://techcrunch.com/2026/03/10/youtube-surpasses-disney-p...

And has roughly 2.7 billion monthly active users. This means the average YouTube user brings in around $1.23 per month. When you consider that CPMs can easily swing by 20X based on how wealthy the user demographic is, and willingness to pay a subscription is a strong signal for purchasing power, I would not be at all surprised if a YouTube premium subscription was revenue-neutral for Google.


Having a facial recognition match make you a suspect and cause the police to ask you some questions doesn't seem completely unreasonable to me. Investigations can certainly begin with weak forms of evidence (like an anonymous tip), you just require a higher standard of evidence for a search warrant, surveillance, or an arrest. A facial recognition match shouldn't be probable cause for an arrest warrant, but it still might be a useful starting point for a detective looking for actual evidence.


It is absolutely not reasonable to use low-quality photos to decide someone halfway across the country with no history of even leaving their local area is 'a suspect'.


You wouldn't know they had no history of leaving their local area unless you interviewed them.


Why doesn't the investigator have to supply some sort of evidence that she has a history of leaving their local area rather than putting the onus on the accused? This line of argument is halfway to "guilty until proven otherwise".


You and the GP that replied to me are way overstating what it means to be a "suspect". It just means the police are investigating you and consider it a possibility you've committed the crime. On its own, it is not a sufficient status to search your home, subpoena your ISP, or arrest you - all of those things require a much higher burden of evidence, and often a third party's (judge's) approval. People routinely become "suspects" on much flimsier evidence than an unreliable software match - if I call in an anonymous tip that I saw you acting suspicious near the crime scene, you will probably become a suspect.

If you'd like, you can replace the term "suspect" in my post with "person of interest", which colloquially implies a lot less suspicion but isn't practically any different in terms of how the police interact with you.


Adoption of web browsers was also much lower when Netscape was dominant. 90% marketshare is less meaningful if you're only 1% of the way to the potential market size. Peeling away users who talk to ChatGPT every day is very possible, but harder than getting someone who's never used an LLM before (but does use your OS, browser, phone...) to try yours first.

I think the even better analogy than browsers is search engines. There aren't any network effects or platform lock-in, but there is potential for a data flywheel, building a brand, and just getting users in the habit of using you. The results won't necessarily turn out the same - I think OpenAI's edge on results quality is a lot less than early Google over its competitors - but the shape of the competition is similar.


Switching is super easy and people are doing it.

There is no moat


Maybe! Switching search engines is also very easy, and the top story on the front page is someone no longer using Google, but we know in practice almost nobody does that. As technologists we're much more likely to switch and know people who would switch.


Same strategy as for search. Gemini is going to be shoveled down the mouth of users and they just won't change the default.

On iOS with the Apple agreement, and on Android (though the question of hardware remains when considering beyond Pixel phones).


But that doesn't translate to paying Gemini customers


Interesting you make that comment so confidently


google search definitely has a moat. people build their websites to optimize for google's algorithm, therefore google users see better results -> google gets more users -> websites optimize for google -> repeat. Personally I never bother with 'bing SEO' or 'bing ppc ads'.


Google backfilled their moat with sponsored results and crappy AI summaries


the AI has gotten good enough that click-thru-rate on informational searches has fallen off a cliff. I have some blog posts for SEO, their CTR is like 0.1% now.


google search took over because all search engines sucked and theirs didn't in a few important ways. AND by default, ads over to the side, clean interface.

Now all search engines suck and google's sucks just as bad or worse than the rest.

If someone were to follow the original google playbook and make a search engine that helped people find things (eg by respecting the query syntax rather than making 'helpful' suggestions and dropping words the user included in their query) and kept the ads separate and out of the way of results. They might well make a monster. But this is old tech so nobody cares and everyone thinks google is unassailable even while nobody likes them anymore. Is there /any/ money in search? I thought so but I must be wrong for it to get this bad.


Google search still has at least one competitive advantage: their crawlers are least likely to be blocked so they have the biggest index. AFAIK reddit is indexed by google but blocks all other search crawlers.


Kagi works quite well.


Ease of setup is the biggest reason. I use this setup as well, but there are other UX niceties that would be a lot better with a dedicated mobile app: push notifications when Claude needs your input (I use a hook for this that connects to Pushover, but that's another service and extra setup), voice input, autocorrect that's right for this context, etc.


Very interesting. Tell me more about your push notification setup!


I have a hook in my claude.json that fires on "Stop", it calls a shell script (written by Claude, of course) that calls the Pushover API: https://pushover.net/, which lets you send push notifications to your device. It's paid, but just a one-time fee when you install the app on your phone.

The shell script takes a message which includes Claude's message, but unfortunately there's no deeplinking back to my ssh app (for obvious reasons, the notification just routes you to the pushover app), so instead of tapping the message, I know to just open my Blink shell app to respond to Claude.

This is also quite noisy when I'm just sitting at my desk working, but I usually turn off phone notifications while working anyway.


Good PMs are extremely good at understanding users, and use soft skills to make the rest of the org focus on users more. I've worked with a couple, and they've added an enormous amount of value, sometimes steering teams of dozens of engineers in a more productive direction.

The problem is, it's hard to measure how good a PM is, even harder than for engineers. The instinct is to use product KPIs to do so, but especially at a BigTech company, distribution advantages and traction of previous products will be the dominant factor here, and the best ways of raising many product KPIs are actually user-hostile. Someone who has been a successful FAANG engineer who goes to a startup might lean towards over-engineering, but at least they should be sharp on the fundamentals. Someone who has been a successful FAANG PM might actually have no idea how to get PMF.

> Here's what to do instead: Find your most socially competent engineer, and have them talk to users a couple times a month

This is actually a great idea, but what will happen is this socially competent engineer will soon have a new full-time job gathering those insights, coalescing them into actionable product changes, persuading the rest of the org to adopt those changes, and making sure the original user insights make it into the product. Voila: you've re-invented product management.

But I actually think it's good to source PMs from people who've been engineers for a few years. PMs used to come from a technical background; Google famously gave entry-level coding tests to PMs well into the '10s. I dunno when it became more fashionable to hire MBAs and consultants into this role, but it may have been a mistake.


> Voila: you've re-invented product management.

This is a names vs. structure thing. For a moment, taboo the term product manager.

What I'm suggesting is a low risk way to see if an engineer has an aptitude for aligning the roadmap with what the users want. If they aren't great at it, they can go back to engineering. We also know for sure that they are technically competent since they are currently working as an engineer, no risk there.

The conventional wisdom (bad meme) is going to the labor market with a search term for people who claim to know what the users want, any user, any problem, doesn't matter. These people are usually incompetent and have never written software. Then hiring 1 and potentially more of the people that respond to the shibboleth.

If you want the first case, then you can't say "product manager" because people will automatically do the second case.


> What I'm suggesting is a low risk way to see if an engineer has an aptitude for aligning the roadmap with what the users want. If they aren't great at it, they can go back to engineering. We also know for sure that they are technically competent since they are currently working as an engineer, no risk there.

It doesn't have to be the most socially competent engineer to gather feedback. Having the engineering team sit with the target users gives so much insight into how the product is being used.

I once worked on an administrative tool at a financial institution. There were lots of pain points, as it started as a dev tool that turned into a monstrosity for the support staff. We asked to have a meeting with some reps who were literally 2 floors below us. Having the reps talk as they worked with the tool in real time over 1 hour was worth more than a year's worth of feedback that trickled in. It's one thing to solicit feedback. It's another to see how idiosyncrasies shape how products get used.


Putting on a PM hat is something I've been doing regularly in my engineering career over the last quarter century. Even as a junior (still in college!) at my first job I was thinking about product, in no small part because there were no PMs in sight. As I grew through multiple startups and eventually bigger brand name tech companies, I realized that understanding how the details work combined with some sense of what users actually want and how they behave is a super power. With AI this skillset has never been more relevant.

I agree with your assessment about the value of good PMs. The issue, in my experience, is that only about 20% (at most) are actually good. 60% are fine and can be successful with the right Design and Engineering partners. And 20% should just be replaced by AI now so we can put the proper guardrails around their opinions and not be misled by their charisma or whatever other human traits enabled them to get hired into a job they are utterly unqualified for.

