
The revocation mechanism is basically just a list of revoked certificates. Without expiration dates, those lists will grow infinitely.
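
As an added illustration of this point (my own example, not the commenter's code): a toy CRL that prunes entries once the corresponding certificate has expired, next to a relying-party check that rejects expired certificates before consulting the list. The simulation shows that with certificate lifetimes the list reaches a steady state, while without them it grows without bound. Time is counted in whole years for simplicity, and a `None` expiry is a hypothetical "never expires" certificate.

```python
"""Added example (not from the comment above): why certificate expiry bounds CRL size.

A CRL is a list of serial numbers the CA has revoked. Because relying parties
must reject an expired certificate anyway, a CA may drop a revoked certificate
from the CRL once its notAfter date has passed (RFC 5280 permits this). With no
expiry date, no entry can ever be dropped and the list grows without bound.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Cert:
    serial: int
    not_after: Optional[int]  # time unit is "years" here; None = never expires (hypothetical)


@dataclass
class CRL:
    revoked: Dict[int, Cert] = field(default_factory=dict)

    def revoke(self, cert: Cert) -> None:
        self.revoked[cert.serial] = cert

    def prune(self, now: int) -> int:
        """Drop entries whose certificate has already expired; return how many."""
        expired = [s for s, c in self.revoked.items()
                   if c.not_after is not None and c.not_after <= now]
        for s in expired:
            del self.revoked[s]
        return len(expired)


def check_cert(cert: Cert, crl: CRL, now: int) -> str:
    """Relying-party view: expiry is checked first, so pruning loses nothing."""
    if cert.not_after is not None and cert.not_after <= now:
        return "expired"
    if cert.serial in crl.revoked:
        return "revoked"
    return "ok"


def simulate(years: int, revocations_per_year: int, lifetime_years: Optional[int]) -> int:
    """Revoke `revocations_per_year` certs each year, pruning at year end; return final CRL size."""
    crl = CRL()
    serial = 0
    for year in range(years):
        for _ in range(revocations_per_year):
            serial += 1
            not_after = None if lifetime_years is None else year + lifetime_years
            crl.revoke(Cert(serial, not_after))
        crl.prune(now=year + 1)
    return len(crl.revoked)


if __name__ == "__main__":
    print("no expiry, 10 years:", simulate(10, 100, None))   # 1000 and growing
    print("2-year certs, 10 years:", simulate(10, 100, 2))   # stays at 100
```

The steady-state size with expiry equals one lifetime's worth of revocations, independent of how long the CA has been operating; without expiry it is proportional to the CA's entire history.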

I’m pretty sure YouTube’s built-in AI summary is also biased towards not “spoiling” the video.

Like if the title is a clickbait “this one simple trick to..” the ai summary right below will summarize all the things accomplished with the “trick” but they still want you to actually click on the video (and watch any ads) to find out more information. They won’t reveal the trick in the summary.

So annoying because it could be a useful time saving feature. But what actually saves time is if I click through and just skim the transcript myself.

The ai features are also limited by context length on extremely long form content. I tried using the “ask a question about this video” and it could answer questions about the first 2 hours in a very long podcast but not the last third hour. (It was also pretty obviously using only the transcript, and couldn’t reference on-screen content)


They specifically avoid sending traffic through tailscale servers whenever possible. That’s how the free tier stays free. Most connections are direct, P2P.

The traffic that does go through their servers is encrypted, and bandwidth limited on the free plan. Any snooping on client behavior would have to be done client side, and the clients are all open source. To some extent the coordination server might be able to deduce some metadata about connections; but definitely not snoop all plaintext traffic.

I think they do have some “service detection” which can basically port-scan your devices to make services visible in the web UI. But that is easy to disable. And premium/enterprise tiers can intentionally log traffic statistics.


> To some extent the coordination server might be able to deduce some metadata about connections; but definitely not snoop all plaintext traffic.

Metadata is as good as data for deducing your behavior. Think what conclusions can be drawn about a person's behavior from a log of their network connections, from each connection's timestamp, source, destination, and port. Think about the way each additional thing-which-makes-network-requests increases the surveillance value of all the others.

Straight away, many people's NTP client tells the network what OS they use: `time.windows.com`? Probably a Windows user. `time.apple.com`? Probably Mac or iOS. `time.google.com`? You get the idea. Yeah, anyone can configure an NTP client to use any of those hosts, but the vast vast majority of people are taking the default and probably don't even know what NTP is.

Add a metadata point: somebody makes a connection to one of the well-known Wi-Fi captive portal detection hosts around 4PM on a weekday? Maybe somebody just got home from school. Captive portal detection at 6PM on a weekday? Maybe somebody just got home from work. Your machines are all doing this any time they reconnect to a saved Wi-Fi network: https://en.wikipedia.org/wiki/Captive_portal#Detection

Add a metadata point: somebody makes a network connection to their OS's default weather-widget API right after the captive-portal test, and then another weather-API connection exactly `${DEFAULT_INTERVAL}` minutes later? That person who got home is probably still home.

Required reading: https://kieranhealy.org/blog/archives/2013/06/09/using-metad...
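
An added example (mine, not the commenter's) of the audit a defender can run over their own egress logs to see exactly what this comment describes: given only timestamp, source, destination and port, which default endpoints reveal the platform, when the captive-portal check fires, and which destinations beacon on a fixed interval. The `time.*` hosts are the ones named above; the captive-portal hosts are each OS's documented connectivity-check target, added here as assumptions. The log lines are constructed, not captured from any real network.

```python
"""Added example (not from the thread): audit a connection log for metadata leaks.

Given only timestamps, source, destination and port, this reports what a passive
observer of the log (a relay or coordination server, an ISP, a DNS resolver)
could infer. Run it over your own egress logs to decide what to change or route
elsewhere.
"""
import re
from collections import defaultdict

# Constructed sample log (not captured from any real network): "<ISO timestamp> <src> <dst>:<port>"
SAMPLE_LOG = """\
2024-03-04T16:02:11 10.0.0.12 time.windows.com:123
2024-03-04T16:02:13 10.0.0.12 www.msftconnecttest.com:80
2024-03-04T16:02:40 10.0.0.12 weather.example:443
2024-03-04T16:32:40 10.0.0.12 weather.example:443
2024-03-04T18:05:01 10.0.0.7 time.apple.com:123
2024-03-04T18:05:02 10.0.0.7 captive.apple.com:80
2024-03-05T16:01:59 10.0.0.12 time.windows.com:123
2024-03-05T16:02:01 10.0.0.12 www.msftconnecttest.com:80
garbage line that should be skipped
"""

# Well-known default endpoints. The time.* hosts are the ones the comment names;
# the captive-portal hosts are each OS's documented connectivity-check target.
FINGERPRINT_HOSTS = {
    "time.windows.com": ("ntp", "Windows"),
    "time.apple.com": ("ntp", "Apple"),
    "time.google.com": ("ntp", "Google (Android or manual config)"),
    "www.msftconnecttest.com": ("captive-portal", "Windows"),
    "captive.apple.com": ("captive-portal", "Apple"),
    "connectivitycheck.gstatic.com": ("captive-portal", "Android"),
}

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d)T(\d\d):(\d\d):\d\d\s+(\S+)\s+(\S+):(\d+)$")


def parse(log):
    """Return one event dict per well-formed line; malformed lines are skipped, not guessed."""
    events = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        day, hh, mm, src, dst, port = m.groups()
        events.append({"day": day, "minute": int(hh) * 60 + int(mm),
                       "src": src, "dst": dst, "port": int(port)})
    return events


def audit(log):
    """Per source address: inferred platform, hours of captive-portal checks, fixed-interval beacons."""
    report = defaultdict(lambda: {"platform": set(), "arrival_hours": [], "periodic": {}})
    per_day = defaultdict(list)  # (src, dst, day) -> minutes-of-day of each connection
    for ev in parse(log):
        r = report[ev["src"]]
        kind, platform = FINGERPRINT_HOSTS.get(ev["dst"], (None, None))
        if platform:
            r["platform"].add(platform)
        if kind == "captive-portal":  # fires on (re)connecting to Wi-Fi: an "arrived home" signal
            r["arrival_hours"].append(ev["minute"] // 60)
        per_day[(ev["src"], ev["dst"], ev["day"])].append(ev["minute"])
    # A destination contacted at one constant gap within a day is a presence beacon
    # (the weather-widget refresh in the comment).
    for (src, dst, _day), minutes in per_day.items():
        minutes.sort()
        gaps = {b - a for a, b in zip(minutes, minutes[1:])}
        if len(gaps) == 1:
            report[src]["periodic"][dst] = gaps.pop()
    return dict(report)


if __name__ == "__main__":
    for src, findings in audit(SAMPLE_LOG).items():
        print(src, findings)
```

Nothing here looks at payloads; every inference comes from the connection record alone, which is the commenter's point about metadata.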


This is pure misinformation. 'Most connections are direct, P2P' makes no sense to anyone versed in basic networking.

I don’t mean P2P in the same sense that BitTorrent or something is P2P. (Splitting one connection into many distributed ones) But more like how a game that does P2P multiplayer has the clients connect directly instead of through a centralized service.

What do you mean? P2P is commonplace, for example, in IP telephony, and obviously in many other cases.

This is something I saw all the time. I’d look something up, knowing that there was probably an easy way to do <basic programming task> in modern c++ with one function call.

Find the stack overflow thread, answer from 10+ years ago. Not modern C++. New questions on the topic closed as duplicate. Occasionally the correct answer would be further down, not yet upvoted.

“Best practice” changes over time. I frequently saw wrong answers with install instructions that were outdated, commands that don’t function on newer OS version, etc etc.


It is not super easy to get around that tech. It used to be easier a long time ago. Apple patches the methods every time they can, and have made hardware adjustments in an attempt to make it as hard as possible. A lot of these methods involve tricking the counter so it doesn't increment at all, or somehow rolling it back. If the phone isn't set to wipe after 10 attempts, tricking the timer that time has passed would be enough.

I'm not sure if anyone other than Cellebrite knows the exact details of what they are doing. (If they can even unlock latest iPhones that are properly secured. I’m seeing a recent article that implies recently unlocked iPhones had biometrics enabled) I wouldn’t be surprised if their techniques involved disassembling the phone, and tampering with every connection of the chips involved, or depowering them in weird ways as they are counting attempts, or even desoldering and transferring the chips to other boards. I suspect that if Apple knew and could patch the method, they would.

It’s impressive that it is so hard to get into iPhones imo. People use 6 digit passcodes to lock their entire digital life. That would be considered horrendously insecure for anything that isn’t an iPhone. You can (and should) increase it to a full password. But a lot of people don’t.


>People use 6 digit passcodes to lock their entire digital life. That would be considered horrendously insecure for anything that isn’t an iPhone.

That's not really true, it's just the black box magic that is a TPM. Windows Hello for Business does the same thing.


I used to run YouTube with “ad targeting” turned off. The ads were 100% scams. Lots of AI slop. Deepfakes of celebrities pitching all sorts of scams. Lots of nsfw products and even occasionally illegal things like drugs or guns. Also lots of ads in languages I do not speak.

I recently learned that if you turn on ad targeting you can block certain ads and never see them again. So I’ve turned it on just to block the worst of the ads. But Google's ad targeting still can’t target ads to me. It’s maybe only 70% scams now. But their targeting still sucks and I still get ads in foreign languages that I do not speak.

On my desktop I just use Adblock. I really try to avoid YouTube on mobile at all costs because the ads make it completely unusable.


Most ad blockers, like ublock, also block trackers. Ublock definitely blocks Google's tracking

Try newpipe to use YouTube without ads.

On iOS, uBlock Lite works great on Youtube. Same for Firefox + uBlock on Android. You can skip the ads on mobile.

Ah yes. “Non-existent security” is only a pesky detail that will surely be ironed out.

It’s not a critical flaw in the entirety of the LLM ecosystem that now the computers themselves can be tricked into doing things by asking in just the right way. Anything in the context might be a prompt injection attack, and there isn’t really any reliable solution to that but let’s hook everything up to it, and also give it the tools to do anything and everything.

There is still a long way to go to securing these. Apple is, I think wisely, staying out of this arena until it’s solved, or at least less of a complete mess.


I think he was being sarcastic


Poe's Law strikes again


Yes, there are some flaws. The first airplanes also had some flaws, and crashed more often than they didn't. That doesn't change how incredible it is, while it's improving.

Maybe, just maybe, this thing that was, until recently, just research papers, is not actually a finished product right now? Incredibly hot take, I know.


I think the airplane analogy is apt because commercial air travel basically capped out at "good enough" in terms of performance (just below Mach 1) a long time ago and focused on cost. Everyone assumes AI is going to keep getting better, but what if we're nearing the performance ceiling of LLMs and the rest is just cost optimization?


I just scrolled through my Libby history to check. I checked out 25 books in 2025. Several of them I didn't finish, so the number is closer to 15 completed books, but that's only through Libby. I also finished an entire fiction series that wasn't available on Libby, which was an additional 7 books.

Series is really what makes the number so high IMO. I read a lot of fantasy/sci-fi which is often a lot of trilogies. Reading just one trilogy puts you above the median. I have several friends that read only 3-4 books last year, but several that also read as much or more than me. Discussing the books amongst friends helps, as we recommend books to each other. Book-tok and other book-centric social-media circles are huge.

And it may seem like a lot but that was spread across an entire year. I often read a few chapters before bed each night, but it often depends on how hooked I am on the book, I make more time for it when I'm more hooked on a book, or on a deadline to return the book to the library.

Audiobooks help carry the number higher as well. It's a lot easier to "read" a book when you can do it while doing other things. Although I prefer to sit down and dedicate time for e-books, I do listen to some audiobooks as well, and many of my friends exclusively read via audiobooks.


One big part of this is that gcode isn't really a 3D model, it's a set of instructions on how to move the printhead around. You don't download the gcode directly, because that varies by printer. You download a model, and then a slicing program turns that into a set of printer-specific gcode. Any subtle settings changes would change the hash of this gcode.

And the printer doesn't really know what the model is. It would have to reverse the gcode instructions back into a model somehow. The printer isn't really the place to detect and prevent this sort of thing imo. Especially with how cheap some 3d printers are getting, they often don't really have much compute power in them. They just move things around as instructed by the g-code. If the g-code is malformed it can even break the printer in some instances, or at least really screw up your print.

There are even scripts that modify the gcode to do weird things the printer really isn't designed for, like print something and then have the printer move in such a way to crash into and push the printed object off the plate, and then start over and print another print. The printer will just follow these instructions blindly.


Given that quite simple G-code, say a pair of nested circles with code for tool changes/accessory activation, can make two wildly different parts depending on which machine it is run on:

- a washer if run on a small machine in metric w/ flood coolant

- a lamp base if run on a larger router in Imperial w/ a tool changer

and that deriving what will be made by a given G-code file in 3D is a problem which the industry hasn't solved in decades, the solution of which would be worthy of a Turing Award _and_ a Fields Medal, I don't see this happening.

A further question, just attempting it will require collecting a set of 3D models for making firearms --- who will persuade every firearms manufacturer to submit said parts, where/how will they be stored, and how will they be secured so that they are not used/available as a resource for making firearms?

A more reasonable bit of legislation would be that persons legally barred from owning firearms are barred from owning 3D printers and CNC equipment unless there is a mechanism to submit parts to their parole officer for approval before manufacturing, since that's the only class of folks which the 2nd Amendment doesn't apply to, and a reasonable argument is:

1st Amendment + 2nd Amendment == The Right to 3D Print and Bear Arms


Interestingly, there's an account in that thread claiming to be from Gyrovague, but it's not the same one that's in this thread, which has been confirmed to be legit as it is mentioned by name in this latest Gyrovague article.

I wonder, is the newer gyrovague-com account because they lost the login for the old one? Or was the old one a different person? Hopefully they can clarify, because if there's an account pretending to be them that makes this story even more confusingly weird.


OP gyrovague-com here. Yes, I can confirm that I was also "gyrovague" on HN, but embarrassingly I've lost/typoed the password.


You can just email hn@ycombinator.com to get help. They can reset your password if there's some way for them to verify that you were the owner of the account.


hey pal u need to take action your adversary has deployed the big guns:

>And I will not write "an OSINT investigation" on your Nazi grandfather, will not vibecode a gyrovague.gay dating app, etc

this guy means business lol


Password managers are great for that.


there is also `japatokal`:

https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

It is very possible that `gyrovague` is not `japatokal` but an impersonator.

