Hacker Newsnew | past | comments | ask | show | jobs | submit | shuckles's commentslogin

This is a superficial complaint. In practice, the US doles out enormous amounts of social assistance. Disability, social security, and healthcare are an enormous part of the federal budget. Maybe it will be gated behind make-work or some other scheme.


> This is a superficial complaint. In practice, the US doles out enormous amounts of social assistance

Good point. So we should ask those people how the reliance on social assistance has really worked out for them. Do they generally feel respected and valued by the systems that pay them? Are they happy with the amount of assistance they receive?

reply


He can be at the frontier while just having a regular job. Every other option is a lot more work.


GPT-1 presumably, which was released a year after he left. Prior to focusing on GPT, OpenAI was pursuing a lot of research directions.


No it doesn’t? It matches his skills to the lab’s needs. Karpathy is a media personality, manager, and educator far more than he is a hands-on researcher.


he’s not a hands-in researcher just like lebron is not a basketball player but media personality :)


It’s kind of useless to argue through metaphors here. There are a hundred researchers with more significant contributions to theory and practice than Karpathy. If you disagree, I’d love to see what papers or implementations you think he’s offered that pushed SOTA.


Lebron can still dunk when he needs to!


Average people don’t want to spend their lives managing permissions. You could go ahead and use Android or ChromeOS.


No average person cares about your side project, and most people prefer Apple’s product decisions over the ones you’d like them to make. Based on your history with technology, you are a Windows developer who would like to distribute apps on Apple’s platform without learning about what makes for a great app on that platform.


Browser vendors have been able to ship their own engines in the EU for almost 2 years now. What great benefit to consumers has that enabled?


You aren’t going to run a network connected 24/7 online agent from a laptop because it’s battery powered and portable.


OpenAI did not "bet" on Jony Ive. They bought his company io Products.


Is that not a bet?


It's certainly not a good way of explaining that this is a hire and not an acquisition!


The people complaining about Safari often are running enterprise crapware that requires some esoteric Chrome API or bug to operate correctly and should actually be an app on iOS but cannot be funded as such because its creators don’t care about its users.


Then again, if a company can't polish a web browser app, then the native app they'd produce will be even worse.

Now you have a crappy app that only works on some devices, and now with no tabs, no links, text you cannot select anymore because they used the wrong component, etc.

Ugh.


Well, formerly you would have been right, but WebUSB and whatnot are gaining a lot more traction.

I didn't take WebUSB seriously until I steered someone to flashing a small firmware onto something and they could do it straight from the browser! And it was a nice workflow too, just a few button and a permission click.

Two other examples I can think of are flashing Via (keyboard) firmware and Poweramp using WebADB via WebUSB to make gaining certain permissions very easy for the layman. I imagine it's gonna get more and more user in enterprise too.

Firefox is seriously behind by refusing to implement it.


WebUSB is a giant gaping hole in the browser sandbox. Innocent use cases are really nice, I've used WebUSB to flash GrapheneOS on my device, but the possibilities for users to shoot themselves in the foot with nefarious website are almost endless.

Consider the fact that Chromium has to specifically blacklist Yubikey and other known WebAuthn vendor IDs, otherwise any website could talk to your Yubikey pretending to be a browser and bypass your 2FA on third party domains.

I'm conflicted on WebUSB because it's convenient but on the balance I think it's too dangerous to expose to the general public. I don't know how it could be made safer without sacrificing its utility and convenience.


It really isn't. Chromium (since 67) does USB interface class filtering to prevent access to sensitive devices. Then there is the blacklist you mentioned.

On top of that, straight from Yubico's site:

".. The user must approve access on a per website, per device basis .."

This isn't any more a security hole than people clicking "yes" on UAC prompts that try to install malware.


> ".. The user must approve access on a per website, per device basis .."

Of course, but a phishing website "fake-bank.com" could collect user's username, password, and then prompt them to touch their yubikey. This wouldn't trigger any alarm bells because it's part of the expected flow.

> This isn't any more a security hole than people clicking "yes" on UAC prompts that try to install malware.

Yes it is. The only reason why Yubikeys are immune to phishing and TOTP codes aren't is because a trusted component (the browser) accurately informs the security key about the website origin. When a phishing website at "fake-bank.com" is allowed to directly communicate with the security key there's nothing stopping it from requesting credentials for "bank.com"


Again, that exploit factor is irrelevant now because WebUSB is blacklisted from accessing, among other things, HID class devices. So no site, even with permission, can access U2F devices over WebUSB. There is no special blacklist needed per vendor or anything.

You are right that it was a security hole in Chrome <67. Which is almost a decade in the past by now.


> some esoteric Chrome API or bug

Or simple things like supporting 100vh consistently. Is that estoric?


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: