Hacker News | cedws's comments

Don’t forget he’s also a top player in Path of Exile 2 hardcore league - a feat that requires playing around the clock. He’s so good at gaming that he was playing it while at the inauguration without needing a computer.

Even with the training material what good is it? The model isn’t reproducible, and even if it were you’re not going to spend the money to verify the output.

> The model isn’t reproducible

Not necessarily[0], it's a WIP, but: https://github.com/huggingface/open-r1

[0] Surely they won't end up with the exact same weights, but it should be possible to verify something about the model and approach


I guess something like a kickstarter campaign would be needed to get together the millions of dollars needed per training run

Frontier models will never be reproducible in the freedom-loving countries that enforce intellectual property law, since they all depend on copyrighted content in their training data.

why not? if we could get a version of ChatGPT that wasn't censored and would tell me how to make meth, or an censored version of deepseek that wanted to talk about tank man, you don't think the Internet would come together and make that happen?

I’ve been to FOSDEM for the past three in-person years in a row, but I’m skipping this year. I appreciate the spirit of the event but it’s way too overcrowded. I usually end up missing most talks I’m interested in because the rooms are full or I can’t find where they are. Each year I’m always taken aback at how run down and grimy Brussels is as well. I’m from London and I feel much less safe there. A pickpocket brazenly tried to take my wallet last year at a train station. My mate also had his car window smashed. You’d think the heart of the EU would be in a better state.

It’s 2025, why are we still protecting our money with 4 digits? Our phones have advanced biometrics, why can’t our cards have that too?

Card issuers need to stop being lazy because they have a monopoly and innovate a bit.


Because you can't change biometrics. What are you going to do, wear gloves so that you have a different fingerprint?

The money is also protected by your financial institution's fraud detection. I've had everything from ATM transactions to store purchases flagged as fraud despite having the correct PIN and the physical card.

Last I checked npm packages were full of garbage including non-source code. There's no reason for node_modules to be as big as it usually is, text compresses extremely well. It's just general sloppiness endemic to the JavaScript ecosystem.

It's not even funny:

  $ ll /nix/store/*-insect-5.9.0/lib/node_modules/insect/node_modules/clipboardy/fallbacks/*
  /nix/store/…-insect-5.9.0/lib/node_modules/insect/node_modules/clipboardy/fallbacks/linux:
  .r-xr-xr-x 129k root  1 Jan  1970 xsel

  /nix/store/…-insect-5.9.0/lib/node_modules/insect/node_modules/clipboardy/fallbacks/windows:
  .r-xr-xr-x 444k root  1 Jan  1970 clipboard_i686.exe
  .r-xr-xr-x 331k root  1 Jan  1970 clipboard_x86_64.exe

(clipboardy ships executables and none of them can be run on NixOS btw)

I don't know why, but clipboard libraries tend to be really poorly implemented, especially in scripting languages.

I just checked out clipboardy and all they do is dispatch binaries from the path and hope it's the right one (or if it's even there at all). I think I had a similar experience with Python and Lua scripts. There's an unfunny amount of poorly-written one-off clipboard scripts out there just waiting to be exploited.

I'm only glad that the go-to clipboard library in Rust (arboard) seems solid.


Are they reproducible? Shipping binaries in JS packages is dodgy AF - a Jia Tan attack waiting to happen.

The executables are vendored in the repo [0].

[0] https://github.com/sindresorhus/clipboardy/tree/main/fallbac...
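
An added example, not part of any comment in this thread and not code from clipboardy or npm: a small Node.js audit that walks a `node_modules` tree and reports files whose leading bytes mark them as native executables, the kind of vendored binaries shown in the listing above. The names `sniff`, `findBinaries` and `demo` are hypothetical, and the sample tree is constructed from stub files.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Leading magic bytes of common native executable formats (not exhaustive).
const MAGICS = [
  { kind: 'ELF', bytes: [0x7f, 0x45, 0x4c, 0x46] },
  { kind: 'PE', bytes: [0x4d, 0x5a] }, // "MZ"; a text file starting with MZ also matches
  { kind: 'Mach-O', bytes: [0xcf, 0xfa, 0xed, 0xfe] }, // 64-bit little-endian
];

// Read only the first four bytes so large files are cheap to classify.
function sniff(file) {
  const buf = Buffer.alloc(4);
  const fd = fs.openSync(file, 'r');
  try {
    const n = fs.readSync(fd, buf, 0, 4, 0);
    const hit = MAGICS.find(m => n >= m.bytes.length && m.bytes.every((b, i) => buf[i] === b));
    return hit ? hit.kind : null;
  } finally {
    fs.closeSync(fd);
  }
}

// Walk the tree iteratively; symlinked entries are skipped, not followed.
function findBinaries(root) {
  const hits = [];
  const stack = [root];
  while (stack.length) {
    const dir = stack.pop();
    for (const ent of fs.readdirSync(dir, { withFileTypes: true })) {
      const p = path.join(dir, ent.name);
      if (ent.isDirectory()) { stack.push(p); continue; }
      const kind = ent.isFile() ? sniff(p) : null;
      if (kind) hits.push({ file: path.relative(root, p), kind, size: fs.statSync(p).size });
    }
  }
  return hits.sort((a, b) => a.file.localeCompare(b.file));
}

// Constructed sample tree (stub files, not real binaries) mirroring the listing's layout.
function demo() {
  const nm = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'nm-audit-')), 'node_modules');
  const fb = path.join(nm, 'clipboardy', 'fallbacks');
  for (const d of ['linux', 'windows']) fs.mkdirSync(path.join(fb, d), { recursive: true });
  fs.writeFileSync(path.join(fb, 'linux', 'xsel'), Buffer.from([0x7f, 0x45, 0x4c, 0x46, 2, 1]));
  fs.writeFileSync(path.join(fb, 'windows', 'clipboard_x86_64.exe'), Buffer.from([0x4d, 0x5a, 0x90, 0]));
  fs.writeFileSync(path.join(nm, 'clipboardy', 'index.js'), 'module.exports = {};\n');
  return findBinaries(nm);
}
```

Running `findBinaries('node_modules')` from a project root gives a list to review against each package's upstream repository or to gate in CI; content sniffing catches binaries regardless of file extension or executable bit.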


That's on the package publishers, not NPM. They give you an `.npmignore` that's trivially filled out to ensure your package isn't full of garbage, so if someone doesn't bother using that: that's on them, not NPM.

(And it's also a little on the folks who install dependencies: if the cruft in a specific library bothers you, hit up the repo and file an issue (or even MR/PR) to get that .npmignore file filled out. I've helped folks reduce their packages by 50+MB in some cases, it's worth your own time as much as it is theirs)


It's much better to allowlist the files meant to be published using `files` in package.json because you never know what garbage the user has in their folder at the time of publish.

On a typical project with a build step, only a `dist` folder would be published.


Not a fan of that one myself (it's far easier to tell what doesn't belong in a package vs. what does belong in a package) but that option does exist, so as a maintainer you really have no excuse, and as a user you have multiple MR/PRs that you can file to help them fix their cruft.

> On a typical project with a build step, only a `dist` folder would be published.

Sort of, but always include your docs (readme, changelog, license, and whatever true docs dir you have, if you have one). No one should need a connection for those.


You might be interested in e18e if you would like to see that change: https://e18e.dev/

They’ve done a lot of great work already.


Does this replace ljharb stuff?

Yep, I wrote a script that starts at a root `node_modules` folder and iterates through to remove anything not required (dotfiles, Dockerfile, .md files, etc) - in one of our smaller apps this removes about 25Mb of fluff, some packages are up to 60-70mb of crap removed.

Totally agree with you. I wish npm did a better job of filtering the crap files out of packages.

One of the things I like about node_modules is that it's not purely source code and it's not purely build artifacts.

You can read the code and you can usually read the actual README/docs/tests of the package instead of having to find it online. And you can usually edit library code for debugging purposes.

If node_modules is taking up a lot of space across a bunch of old projects, just write the `find` script that recursively deletes them all; you can always run `npm install` in the future when you need to work on that project again.


At least, switch to pnpm to minimize the bloat

As someone who mostly works in Java it continues to floor me that this isn’t the default. Why does every project I work on need an identical copy of possibly hundreds of packages if they’re the same version?

I also like Yarn pnp’s model of leaving node_modules as zip files. CPUs are way faster than storage, they can decompress on the fly. Less disk space at rest, less disk slack, less filesystem bookkeeping.

Every single filesystem is way faster at dealing with one file than dozens/hundreds. Now multiply that by the hundreds of deps, it adds up.


I just installed a project with pnpm about 120 packages mostly react/webpack/eslint/redux related

with prod env: 700MB

without prod env: 900MB

sadly the bloat cannot be avoided that well :/


pnpm stores them in a central place and symlinks them. You’ll see the benefits when you have multiple projects with a lot of the same packages.

You'll also see the benefit when `rm -rf`ing a `node_modules` and re-installing, as pnpm still has a local copy that it can re-link after validating its integrity.

I believe I knocked 10% off of our node_modules directory by filing .npmignore PRs or bug reports to tools we used.

Now if rxjs weren’t a dumpster fire…


You could try Basecamp’s Kamal. I can’t vouch for it because I haven’t tried it, but I expect it would be miles better than setting up a gigantic Kubernetes stack and dealing with all that complexity.

Unless you’re playing around with derivatives, crypto is actually fairly safe. There are price swings but the supply doesn’t magically increase because someone was ordered to print more. Therefore there is always a reasonable expectation that its value will increase over time.

The price swings with crypto are on the demand side. It is completely unsafe because there's no rhyme or reason to its demand, people just following whichever way the crowd goes, in whichever direction, and variously hoping it continues or reverses.

It's not even like gambling on an external event like whether a horse wins -- it's betting on how other people are betting.

There is absolutely no reasonable expectation that its value will increase over time. There's no reasonable expectation of anything because it has no demand-side fundamentals whatsoever.


>It is completely unsafe because there's no rhyme or reason to its demand, people just following whichever way the crowd goes, in whichever direction, and variously hoping it continues or reverses.

How is this any different to any other security? There's speculation in all markets.


It's different because other securities have a fundamental present value of future cash flows. You expect corporations you buy stocks in will pay dividends and/or be purchased by another corporation that does.

If stocks get too expensive or too cheap from what people's estimation of that present value is, we know a correction will come at some point. It always does.

But with crypto, there's utterly no sense of "too expensive" or "too cheap" or "correction". It's just betting on betting.

Regular securities are fundamental value plus limited speculation. Crypto is purely speculation that is unbounded. Two totally different things.


No, there is always a reasonable expectation that crypto will crash to near zero.

Crypto valuation is based on the greater fool theory and one day you will run out of fools.


I don’t know about CIA, but something about Proton has always felt off.

The fact that it's shown in all Hollywood films as "secure" email, and Navy Seals guys on youtube are recommending it in unison—should tell you all you need to know... Not to mention the DDoS protection racket the Israelis (coordinated with the BND) pulled on Proton for traffic analysis. See their own statement on the matter: https://proton.me/support/protonmail-israel-radware

DE-CIX is a known SIGINT collection site.


Good. This gigantic hype cycle needs a reality check. And if it turns out Deepseek is hiding GPUs, good for them for doing what they need to do to get ahead.

Keen to try this but I don't have any "Generate" button and it says I have 0 songs/artists in my library.
