C# works great for agents but it works due to established patterns, strict compiler & strong typing, compiler flag for "Treat Warnings as Errors", .editorconfig with many rules and enforcement of them. You have to tell it to use async where possible, to do proper error handling and logging, xml comments above complex methods and so on. It works really well once you got it figured out. It also helps to give it separate but focussed tasks, so I have a todo.txt file that it can read to keep track of tasks. Basically you have to be strict with it. I cannot imagine how people trust outputs for python/javascript as there are no strong typing or compilers involved, maybe some linting rules that can save you. Maybe Typescript with strict mode can work but then you have to be a purest about it and watch it like a hawk, which will drain you fast. C# + claude code works really well.
I have worked in this space, and my experience was that usually age / identity verification is driven by regulatory or fraud requirements. Usually externally imposed.
Product managers hate this, they want _minimum_ clicks for onboarding and to get value, any benefit or value that could be derived from the data is miniscule compared to the detrimental effect on signups or retention when this stuff is put in place. It's also surprisingly expensive per verification and wastes a lot of development and support bandwidth. Unless you successfully outsource the risk you end up with additional audit and security requirements due to handling radioactive data. The whole thing is usually an unwanted tarpit.
Depends on what product they manage, at least if they're good at their job. A product manager for social media company know it's not just about "least clicks to X", but about a lot of other things along the way.
Surely the product managers at OpenAI are briefed on the potential upsides with having the concrete ID for all users.
Making someone produce an identity document or turn on their camera for a selfie absolutely tanks your funnel. It's dire.
The effect is strong enough that a service which doesn't require that will outcompete a service which does. Which leads to nobody doing it in competitive industries unless a regulator forces it for everybody.
Companies that must verify will resort to every possible dark pattern to try to get you over this massive "hump" in their funnel; making you do all the other signup before demanding the docs, promising you free stuff or credit on successful completion of signup, etc. There is a lot of alpha in being able to figure out ways to defer it, reduce the impact or make the process simpler.
There is usually a fair bit of ceremony and regulation of how verification data is used and audits around what happens to it are always a possibility. Sensible companies keep idv data segregated from product data.
> Making someone produce an identity document or turn on their camera for a selfie absolutely tanks your funnel. It's dire.
Yes, but again, a good product manager wouldn't just eyeball the success percentage of a specific funnel and call it a day.
If your platform makes money by subtle including hints to what products to prefer, and forcing people to upload IDs as a part of the signup process, and you have the benefit of being the current market leader, then it might make sense for the company to actually make that sacrifice.
> No one wants to upload an ID and instead is moving to a competitor!
Comments on the internet is rarely proof of anything, even so here.
If no one wants to upload an ID, we'd see ChatGPT closing in a couple of weeks, or they'll remove the ID verification. Personally, I don't see either of those happening, but lets wait and see if you're right or not. Email in the profile if you want to later brag about being right, I'll be happy to be corrected then :)
The average HN user maybe, but elsewhere, I see people uploading their IDs without a second thought. Especially those in the "chromebooks and google docs in school" generation who've been conditioned against personal data privacy their whole lives
There is no way that the likes of OpenAI can make a credible case for this. What fraud angle would there be? If they were a bank then I can see the point.
Regulatory risk around child safety. DSA article 28 and stuff like that. Age prediction is actually the "soft" version; i.e, try not to bother most users with verification, but do enough to reasonably claim you meet requirements. They also get to control the parameters around how sensitive it is in response to the political / regulatory environment.
Do not give your biometric & photos of ID's or videos of your face to these companies. Nether to third-parties. The potential failure modes here are very high risk and not worth it. Better to unsubscribe and let them know why.
The real problem is service providers that you are somehow forced to use that will in turn use AI for various data extraction. They are effectively gatewaying your data to the AI companies and not all of them are sufficiently transparent about this. Mobile phone companies, rental agencies and various other service providers in turn are part of the funnel.
My face is not private information and probably hundreds of other people's cameras capture pictures/videos of me/my face every day.
I hate age verification as a concept and I wouldn't personally go through it to use chatgpt, but "failure modes here are very high risk" is unnecessarily alarmist.
I basically disable all ipv6 on my routers & firewalls completely. Waiting for the day we can disable ipv4 completely instead and use only ipv6 without NAT. But then each device will need its own firewall. NAT basically forces you to use some kind of firewall, which applies to all devices behind the NAT. But if we go all-in on IPv6, the firewall-by-default becomes much harder to implement in practice. Then we will need some kind of distributed/federated firewall config to constantly keep devices usable but safe, but then that will introduce a new set attack vectors. So we are kinda screwed for now. We need that new internet, maybe one where you unify static ipv6, dhcp6, dns, firewalls, nat and a few other friends into a single thing. Or perhaps we can use ipv6 only to get a static ip address for each home/building, which then has a small vlan/vpn to group all your devices together using ipv4 internally for ease of use.. which is close to what we currently have with cgnat+ipv4+wireguard+vlans. All round we have a big mess but it works well, if you know what you are doing that is. This is all to say we can even keep net-neutrality for a while longer, we are okay for now but the american/uk/china/india govs plus entities like cloudflare will actually destroy net-neutrality in the long run. Much like email delivery has already been ruined & captured. Sorry for the rant.
Not really. I’m sure there exists some brain dead CPE without a default-deny firewall. It’s just that I’ve never physically seen once, since around 1999 or so.
Bigger commercial gear, sure, but those would be special-purpose equipment that don’t support NAT either.
To a rounding error, everything which has NAT enabled by default also has a default-deny inbound firewall enabled by default.
You seem to have misunderstood how IPv6 works. In a home setup, all the traffic still goes through a single router which typically has a restrictive firewall enabled by default.
Only if enabled for a specific interface/network/zone/grouping... easy to misconfigure. You can easily misconfigure it to work fine for ipv4 but forgot about ipv6. Depending on what router software you use, this will either be easy or hard to spot. Sometimes the router software won't tell you explicitly that a certain interface is not included or that you have a gaping hole in your network somewhere.
If you use a consumer-grade device at home that you don't have full access to (meaning root via ssh and can update packages, cute web ui's alone don't count), you are screwed in other ways either way (hello open CVE's on unpatched routers....). I literally have a brand new Asus router sitting in a box at home, cause it has 3 open CVE's and asus basically dropped support for it, but they still sell them. Oh and I have root ssh access on it - it is running ubuntu 12 underneath it all (disgusting that asus haven't bumped it). Just all garbage. So I built my own x86 dual-nic/Wifi 6E router box that runs openwrt + adguard home + unbound + wireguard (all on proxmox) and all 4 systems update nightly. This setup absolutely crushes the performance versus top spec consumer-grade routers and I get to monitor it properly and update packages daily.
It is not at all "easy to misconfigure". First of all, the manufacturer is going to configure it for you in 99% of cases, just as they do for IPv4. Second, even if you want to roll your own firewall rules, it's trivial to set up a default deny on all incoming traffic.
I got fed up with Nova and all the others to the point that I've built my own launcher in two evenings. Its just a black screen (no wallpaper or widgets) with a list of alphabetical scrollable apps (almost like how Windows Phone / Lumia looked), no icons/colours. Just black with white text & accents. You can tag an app as a favourite and it will show at the top. Thats it. No internet connection, no real customizations. It works amazingly well and fast and looks awesome on OLED. Once you are used to it, everything else (incl iOS) looks like a circus.
If you are an app developer, remember to add a black/oled theme to your apps. A good chunk of my apps have them and they fit so well with my launcher.
The bro's in the whitehouse is using their mouthpieces to create a volatile market, thus gaming the system with pump & dumps. They are stealing from everyone in a sense.
Same here with the GAN charger. I got myself a 145W GAN charge with one Type-A USB port (charges mouse, bluetooth speaker, toothbrush, body trimmer etc, max 18W) and two Type-C USB ports (45W (charges N100-based Tablet), 65W (charges Ryzen 7 -based HP Laptop)) - it can charge all these things at the same time, while generating almost no heat, no electrical noise. It weighs much less than the 3+ chargers/cables needed by the original setup. I'm amazed about how efficient the GAN charger is. My only irritation with them is that when you plug something in, it re-negotiates all the connections to decide how much power to deliver to each port, so when that happens the devices see a disconnect/reconnect event which can be irritating at times (which can also happens when a device reaches 100%.. and then dipping to 95% and then reaching 100% again.. over and over). But overall best money I've spent on my tech backpack goodies. And maybe 240W/8K/20gbps USB-C cables.
Yeah until google, apple & friends boot them from the stores and block side loading as well. Then we're all screwed, as they will have 100% grip and visibility on comms and won't allow third party encrypted comms. Just wait and see friends, that day is around the corner. Which means all sensitive comms will move back offline...
Most households do not drive more than 100KM per day... yet people are obsessed with range.
My next EV will be a small BYD (dolphin or dolphin surf), these things can get between 200KM and 400KM per FULL charge, depending on your speed and settings. If you use the "slow" wall charger (that doesn't require installation or modifications to home circuits), not only will the batteries last longer, it will easily charge up your 100KM actual drive range in a couple of hours, typically overnight.
If you empty the battery each day and recharge it each night, that nets you 300KM per charge, or 2100KM per week. I don't know a single person or family that does 2100KM a week with their cars. So the whole range anxiety is rubbish. Just plug in every night and go to bed and tomorrow you have another 300km available.
Oh and then there are public fast chargers if you do get stuck. I live in Africa and this is solved problem.
Sorry for the rant..your comment about the expensive charger installations makes my blood boil as most people can just use the normal wall charger and charge overnight.
The thing with range is it's another "thing to worry about" - with a gas car, it's basically nothing to worry about unless you happen to be absolutely on empty and no time to fill up the tank (5-10 minutes unless you have to go way out of your way for gas; rare).
It's like when phones went from 8-10 hour capacity to over a day; suddenly it wasn't a thing you think about anymore.
reply