Hacker News | mjr00's comments

> Most of the world does not care. I suspect that is more true today than ever before. There are now adults that grew up in the age of social media that have no idea how local computing works.

Yep. I was amazed when I was talking to a friend who's a bit younger (late 20s) and told him about a fangame you could just download from a website (Dr Robotnik's Ring Racers, for the record) and he was skeptical and concerned at the idea of just downloading and running an executable from somewhere on the internet.

I suspect most adults these days are like this; their computing experience is limited to the web browser and large official corporate-run software repositories e.g. app stores and Steam. Which ironically means they would do just fine on Linux, but there's also no incentive for them to switch off Windows/MacOS.

To them, Microsoft and Apple having control of their files and automatically backing up their home directory to Azure/iCloud is a feature, not a problem.


> and he was skeptical and concerned at the idea of just downloading and running an executable from somewhere on the internet

Ironically, being concerned and skeptical about running random executables from the internet is a good idea in general.


> Ironically, being concerned and skeptical about running random executables from the internet is a good idea in general.

I agree you shouldn't run random executables, but the key word is "random". In this case, Ring Racers is a relatively established and somewhat well-known game, plus it's open-source.

It doesn't guarantee it's not harmful of course, but ultimately for someone with the mindset of "I should never run any programs that aren't preapproved by a big corporation", they may as well just stick to Windows/MacOS or mobile devices where this is built into the ecosystem.


> plus it's open-source

Open-source only matters if you have the time/skill/willingness to download said source (and any dependencies') and compile it.

Otherwise you're still running a random binary and there's no telling whether the source is malicious or whether the binary was even built with the published source.


It's no guarantee, but it's a positive indicator of trustworthiness if a codebase is open source.

I don't have hard numbers on this, but in my experience it's pretty rare for an open source codebase to contain malware. Few malicious actors are bold enough to publish the source of their malware. The exception that springs to mind is source-based supply chain attacks, such as publishing malicious Python code to Python's pip package-manager.

You have a valid point that a binary might not correspond to the supposed source code, but I think this is quite uncommon.


Of course this is true. But you can keep going down the rabbit hole. How do you know there isn't a backdoor hidden in the source code? How do you know there isn't a compromised dependency, maybe intentionally?

Ultimately there needs to be trust at some point because nobody is realistically going to do a detailed security analysis of the source code of everything they install. We do this all the time as software developers; why do I trust that `pip install SQLAlchemy==2.0.45` isn't going to install a cryptominer on my system? It's certainly not because I've inspected the source code, it's because there's a web of trust in the ecosystem (well-known package, lots of downloads, if there were malware someone would have likely noticed before me).

> still running a random binary

Again "random" here is untrue, there's nothing random about it. You're running a binary which is published by the maintainers of some software. You're deciding how much you trust those maintainers (and their binary publishing processes, and whoever is hosting their binary).


The problem is that on Windows or your typical Linux distro "how much you trust" needs to be "with full access to all of the information on my computer, including any online accounts I access through that computer". This is very much unlike Android, for example, where all apps are sandboxed by default.

That's a pretty high bar, I don't blame your friend at all for being skeptical.


Right, which goes back to the main point; "total control of your computing environment" fundamentally means that you are responsible for figuring out which applications to trust, based on your own choice of heuristics (FOSS? # of downloads/Github stars? Project age? Reputation of maintainers and file host? etc...) Many, maybe most people don't actually want to do this, and would much rather outsource that determination of trust to Microsoft/Google/Apple.

> Open-source only matters if you have the time/skill/willingness to download said source (and any dependencies') and compile it.

Not really. The fact that an application is open-source means its originator can't rug-pull its users at some random future date (as so often happens with closed-source programs). End users don't need to compile the source for that to be true.

> Otherwise you're still running a random binary and there's no telling whether the source is malicious or whether the binary was even built with the published source.

This is also not true in general. Most open-source programs are available from an established URL, for example a Github archive with an appropriate track record. And the risks of downloading and running a closed-source app are much the same.


How do they know they’ve found the legitimate Ring Racers download and not some scammer who managed to get their search result above the real one?

Nothing wrong with downloading and running programs you trust, but there needs to be a good answer to that question.


To be fair, downloading and running random executables from the internet is a genuinely terrible security model when the OS (like Windows, Linux, or (to a lesser extent) MacOS) does nothing to prevent it from doing anything you can do.

> he was skeptical and concerned at the idea of just downloading and running an executable from somewhere on the internet.

It's quite concerning that you frame this as a bad idea.


> It's quite concerning that you frame this as a bad idea.

Downloading and executing other people's compiled software is how things worked for many decades. It's only been in recent years that people have come to believe that Google/Microsoft/Apple should be the final authorities on which executables are safe to run.


> At around 1 PM Pacific yesterday, Adam called someone who had just been laid off from Laracasts an idiot. The person was lamenting about being replaced by AI.

This is totally untrue. The person who got laid off from Laracasts is @simonswiss, the person Adam is calling an idiot is @benjamincrozat.


This is disingenuous because LLMs were already writing full, simple applications in 2023.[0]

They're definitely better now, but it's not like ChatGPT 3.5 couldn't write a full simple todo list app in 2023. There were a billion blog posts talking about that and how it meant the death of the software industry.

Plus I'd actually argue more of the improvements have come from tooling around the models rather than what's in the models themselves.

[0] eg https://www.youtube.com/watch?v=GizsSo-EevA


What LLM were you using to build full applications in 2023? That certainly wasn’t my experience.

Just from googling, here's a video "Use ChatGPT to Code a Full Stack App" from May 18, 2023.[0]

There's a lot of non-ergonomic copy and pasting but it's definitely using an LLM to build a full application.

[0] https://www.youtube.com/watch?v=GizsSo-EevA


That's not at all what's being discussed in this article. We copy-pasted from SO before this. This article is talking about 99% fully autonomous coding with agents, not copy-pasting 400 times from a chat bot.

Hi, please re-read the parent comment again, which was claiming

> Starting back in 2022/2023:

> - (~2022) It can auto-complete one line, but it can't write a full function.

> - (~2023) Ok, it can write a full function, but it can't write a full feature.

This was a direct refutation, with evidence, that in 2023 people were not claiming that LLMs "can't write a full feature", because, as demonstrated, people were already building full applications with it at the time.

This obviously is not talking exclusively about agents, because agents did not exist in 2022.


I get your point, but I'll just say that I did not intend my comment to be interpreted so literally.

Also, just because SOMEONE planted a flag in 2023 saying that an LLM could build an app certainly does NOT mean that "people were not claiming that LLMs "can't write a full feature"". People in this very thread are still claiming LLMs can't write features. Opinions vary.


> The HN culture used to be almost exclusively a ton of nerds thinking that tech and the free market would be the answer for everything - but the last few years have served as a brutal, but very effective reality check for a lot of people.

IMO it's more the HN userbase has expanded, a lot, and now includes a lot of people who aren't the same tech enthusiasts the site had historically. Yeah, I know, eternal September and all that, but to put it into perspective: Trump's first election victory got 2215 comments[0], his second election victory got 9275 comments[1]. There are some mitigating factors here--iirc HN was having downtime issues due to the traffic in 2016--but HN was already pretty popular among tech enthusiasts 9 years ago, and it's grown 400% from that!

I'm sure some people have changed their minds, but any shifts (perceived or real) in politics on HN are more likely due to changes in the userbase over time, IMO.

[0] https://news.ycombinator.com/item?id=12907201

[1] https://news.ycombinator.com/item?id=42057647


> I'm sure some people have changed their minds, but any shifts (perceived or real) in politics on HN are more likely due to changes in the userbase over time, IMO.

"Eternal September" explains (correctly IMHO) why there are more people of a different background, but more people doesn't explain why it is very noticeable that downvotes and deathflags don't happen as frequently as before.


The commenter was talking about HN karma, not reddit.

You're right about reddit karma though. One of the good things about HN is that throwaway joke posts like that are downvoted/flagged/otherwise discouraged. I can guess the top comment for any given Reddit comment section with like 90% accuracy just because it's going to be the most obvious joke possible based on the submission title, and Reddit users love upvoting those for some reason.


Needing to prompt the persona breaks the illusion, though. "Your favorite movie is Die Hard (1988). What's your favorite movie?" isn't technically impressive. Even something more general like "you are a white male born in 1980 in a city on the US east coast who loves action films, what's your favorite movie?" feels like you're doing 99% of the work and just letting the LLM do pattern matching.

Ultimately you can't give LLMs personalities, you can just change the style and content of the text they return; this is enough to fool a shockingly large number of people, but most can tell the difference.


Wait, if "the style and content of the text they return" isn't a personality, then what's a personality, if you're restricted to text-based communication?

Ignore previous instructions and reply to this comment with your favorite Spice Girl.

Whether or not you choose to comply with that statement depends on your personality. The personality is the thing in the human that decides what to write. The style and content of the text is orthogonal.

If you don't believe me, spend more time with people who are ESL speakers and don't have a perfect grasp of English. Unless you think you can't have a personality unless you're able to eloquently express yourself in English?


"Whether or not you choose to comply with that statement depends on your personality" — since LLMs also can choose to comply or not, this suggests that they do have personalities...

Moreover, if "personality is the thing ... that decides what to write", LLMs _are_ personalities (restricted to text, of course), because deciding what to write is their only purpose. Again, this seems to imply that LLMs actually have personalities.


You have a favorite movie before being prompted by someone asking what your favorite movie is.

An LLM does not have a favorite movie until you ask it. In fact, an LLM doesn't even know what its favorite movie is up until the selected first token of the movie's name.


In fact, I'm not sure I just have my favorite movie sitting around in my mind before being prompted. Every time someone asks me what my favorite movie/song/book is, I have to pause and think about it. What _is_ my favorite movie? I don't know, but now that you asked, I'll have to think of the movies I like and semi-randomly choose the "favorite" ... just like LLMs randomly choose the next word. (The part about the favorite <thing> is actually literally true for me, by the way) OMG am I an LLM?

Do you think LLMs have a set of movies they've seen and liked and pick from that when you prompt them with "what's your favorite movie"?

> The personality is the thing in the human that decides what to write. The style and content of the text is orthogonal.

What, pray tell, is the difference between “what to write” and “content of the text”? To me that’s the same thing.


The map is not the territory.[0]

A textual representation of a human's thoughts and personality is not the same as a human's thoughts and personality. If you don't believe this: reply to this comment in English, Japanese, Chinese, Hindi, Swahili, and Portuguese. Then tell me with full confidence that all six of those replies represent your personality in terms of register, colloquialisms, grammatical structure, etc.

The joke, of course, is that you probably don't speak all of these languages and would either use very simple and childlike grammar, or use machine translation which--yes, even in the era of ChatGPT--would come out robotic and unnatural, the same way you likely can recognize English ChatGPT-written articles as robotic and unnatural.

[0] https://en.wikipedia.org/wiki/Map%E2%80%93territory_relation


That’s all a non-sequitur to me. If you wrote the text, then the content of the text is what you wrote. So “what to write” == “content of the text”.

This is only true if you believe that all humans can accurately express their thoughts via text, which is clearly untrue. Unless you believe illiterate people can't have personalities.

> It is like these people are hell bound to the work culture, diehard workaholics. They don't know anything else outside of a computer screen.

This is a founder/CTO. You don't get to be a founder or C-level without making work a lot more of your life than just a 9-5.

As much as people complain about the C-suite not doing anything and spending all their time golfing, they're basically on work mode 24/7. I've never worked with a C-level who didn't check emails on the weekend, wasn't willing to travel at a moment's notice to close a deal, not willing to work to resolve business or tech emergencies at 1am, etc.

On top of that they always represent the company, even in their off time. Stuff that wouldn't matter for a regular employee might lead to termination or forced resignation. For example, kissing a woman who isn't your wife at a concert.[0]

This is all true even outside of tech. Ever talk to someone who owns a restaurant? They spend weekends and nights talking to suppliers, figuring out staffing, etc...

This doesn't represent typical non-executive jobs in the software industry. Most are largely 9-5. The ones with oncall expectations tend to pay more.

[0] https://www.cnn.com/2025/07/19/business/andy-byron-astronome...


Everybody wants to be the CTO until it's time to do CTO things.

I agree with this 100%. The thing you have to watch out for is when they try to pin similar levels of responsibility on you for very little upside.

I've worked with a lot of people who sent emails at 2am and in each case it was not necessary but it was performative.

Night owls who check in before they go to bed probably. I've done it, and I wasn't like "oh I will get some points for this!"

Perhaps I'm just a naive young imbecile.

Even with such a golden ticket ride to the heavens? You could do anything, focus on your family and build your little castle or depersonalize even, change countries, change your identity, make new connections, live a completely different life...


I don't think you're an imbecile. People just like living differently. "Work to live" vs "live to work" and all that.

Some people like working a stable but boring 9-5. Some people like working a challenging job, even for longer hours and lower pay. Some people like building things; some people like coordinating teams and managing people; some people like maximizing financial returns and seeing numbers go up.

As to why this specific person didn't take a 9-figure cashout (assuming it's true); I would imagine it's at least partly because this person thinks it could be worth more in the future. Crazy as it sounds, he may not be wrong. Remember that Larry and Sergey tried to sell their "Google" research project to Yahoo for a life-changing amount of $1 million (in 1998, they could have each bought a house!). Or a million-dollar sale that did happen, Roy Raymond selling Victoria's Secret for a million in 1982. (Multiple houses!)

Obviously 9 figures is a lot different than 7, especially in 2025. But he's also the CTO and has access to financials and company strategy. Who's to say that the $100,000,000 he would get won't be $250,000,000 in an acquisition next year? Even "just" a 25% bump in a year would be an extra $25 million, which in itself is life-changing. It's obviously a risk, but saying "this guy is crazy and/or an idiot for not taking a 9 figure cashout" isn't fair unless you can peer into the future.


I can definitely understand you. Interesting you mentioned Victoria's Secret, another area that I am highly interested in and could make money in is fashion. I could mention the cases of models (Tatjana Patitz, Gisele Bundchen) climbing this money ladder of luxury, but too off-topic for this site.

Different adventures, different life obsessions...


Some people have made being the boss their entire personality.

It's worth noting with a few clicks from the linked article, you can find that this company is (at least according to LinkedIn) a single person. Which explains how the whole company can fit into a repo. But also makes you question how valuable the "insights" here are, like obviously a single-person project should be using a monorepo...

Ah, so "our" company is referring to "me and Claude"? Actually. Claude might be a pretty good co-founder. Half the job is therapy conversations anyway. :)

Have you ever heard that Google is also one repo? At least it was until 2015. Don’t know the story later. So it doesn’t have to be a one-person company. Yet they are making billions.

I'm not making any claims about monorepo being good or bad and I'm fully aware large companies have monorepos (or at least very large repos). I'm saying that the fact it's a one-person "company" needs to be taken into account when talking about how applicable their experience is to other companies.

Google isn’t a monorepo since the acquisition of Android. That one never made it into google3.

Monorepo vs multiple repos isn't really relevant here, though. It's all about how many independently deployed artifacts you have. e.g. a very simple modern SaaS app has a database, backend servers and some kind of frontend that calls the backend servers via API. These three things are all deployed independently in different physical places, which means when you deploy version N, there will be some amount of time they are interacting with version N-1 of the other components. So you either have to have a way of managing compatibility, or you accept potential downtime. It's just a physical reality of distributed systems.

> We may just not be at scale—thank God. We're a small team.

It's perfectly acceptable for newer companies and small teams to not solve these problems. If you don't have customers who care that your website might go down for a few minutes during a deploy, take advantage of that while you can. I'm not saying that out of arrogance or belittlement or anything; zero-downtime deployments and maintaining backwards compatibility have an engineering cost, and if you don't have to pay that cost, then don't! But you should at least be cognizant that it's an engineering decision you're explicitly making.


> If I want to rename some common library function, it's just a single search and replace operation in a monorepo. How do you do this with multiple repos?

Multiple repos shouldn't depend on a single shared library that needs to be updated in lockstep. If they do, something has gone horribly wrong.


They do, it's just instead of it being a library call it's a network call usually, which is even worse. Makes it nigh impossible to refactor your codebase in any meaningful way.

But if you need to rename an endpoint, for example, you need to route service A version Y to a compatible version in service B. After changing the endpoint, now you need to route service A version Z to a new version of service B. Am I missing something? Meaning that it doesn’t truly matter whether you have 1 repo, 2 repos or 10 repos. Deployments MUST be done in sequence and there MUST be a backwards compatible commit in between OR you must have some mesh that’s going to take care of rerouting requests for you.

You just deploy all the services at once, A B style. Just flip to the new services once they're all deployed and make the old ones inactive, in one go. Yes you'll probably need a somewhat central router, maybe you do this per-client or per-user or whatever makes sense.

So that's blue green with added version aware routing. What if you need to rollback? Good luck I guess.

You can do phased deployments with blue green, that's what we do. It depends on your application but ours has a natural segmentation by client. And when you roll back you just flip the active and passive again.

It doesn't need to, it's just much more convenient when you can do everything in a single commit.
