Get the LLM to read and summarise N pages at a time, and store the outputs. Then, you concatenate those outputs into one "super summary" and use _that_ as context.
Theres some fidelity loss but it works for text, because there's quite often so much redundancy.
However, I'm not sure this technique could work on code.
This is impressive! Some interesting (and seemingly accurate) insights on my own behaviours :-)
Caveat: I didn't try this on desktop. On mobile (DDG Browser) I couldn't actually see any charts on the questions I asked. Whilst the display of the tables (dataframes?) is nice, my suspicion is a general user would prefer a graph or table _by default_. I needed to prompt specifically to get the workflow to output a graph for me.
Thanks for the feedback! We've noticed o3 doesn't tend to make graphs when it should but sonnet makes too many graphs... We'll have to keep tweaking this. Mobile definitely needs some work but I'm glad it worked for you.
I have been using Linux on "bare metal" for quite some time, as my primary operating system on the machines I've owned. When I've needed Windows, I've run it in a virtual machine. This has been my MO on my personal machines for over 10 years.
On my most recent machine however, I've opted to do this the other way around. I'm running Windows 11 Pro, running Linux on Hyper-V.
The experience has been.... Fine! I may actually prefer this setup (time will tell). Everything hardware related "just works". As per another thread on HN, Linux does seem to run very well virtualised compared to Windows. People will get riled up about needing an MS account. But I suppose that hasn't bothered me too much yet (who knows I may change my stance on this).
The reality is, messing around with drivers, the Linux wireless stack, display resolutions, firmware updates (ie the nuances of running Linux on a laptop) offers zero value to cloud workloads.
So I don't think running Linux directly on the hardware is an absolute necessity.
You can achieve similar levels of productivity and knowledge uplift if you: reserve Windows use for only things that require Windows (eg Ms office, and zoom meetings with a Bluetooth stack that won't drive you insane), and do EVERYTHING ELSE in your VMs.
Whilst it doesn't have the mindshare or some features which are tablestakes for enterprise customers, I've found Linode's pricing to be extremely predictable for small projects. Even post Akamai acquisition. I'm sure other smaller players are also just fine.
Couple that with the fact you can achieve quite a bit on simple set-ups that are adequately sized to begin with, you can save quite a bit.
Not all of us need elasticity, or environments being spun up/down on commit.
Curious, do you have a Windows host and Linux guest(s)? Or the other way around?
I currently have Linux as my primary with a Windows guest OS for when I need it (e.g. Office - I actually think Excel is great - or if I'm doing any Win32/C++ dev). But, I'm thinking of doing it the other way around on my next PC.
My experience has been that Linux is significantly more stable under a VM on Windows or Mac than directly on all but the most conservative hardware. Fewer weird multimedia glitches, no needing to involve any part of the Linux wireless stack of any kind (Bluetooth especially, but also WiFi), fewer video driver issues, fewer program or windowing system crashes.
Sadly, vmware, which scares me now that broadcom owns it.
It's had the best balance of seamless + good-enough graphics performance (for media, not games)
My personal rank is
vmware
virtualbox
qemu
I never tried hyper-v by itself.
vmware actually can use hyper-v as a hypervisor if its enabled (as you need it when using WSL), but its inferior to using vmware's own solution, as I end up with weird networking behavior. it does work though.
I think on linux qemu may be the best, but on windows it is rough. I think vmware just has better video technology and better integration technology, such that its easy to copy-paste files, share clipboards, full screen etc.
I'll preface this with the fact that I appreciate the opportunity for discourse without degenerating to our base/tribal/Neanderthal brains. And, also, a chance to converse with someone outside my own echo chambers. Most of my circle is non-Israeli, and non-Jewish.
> I'm literally running to a bomb shelter multiple times a day as rockets are fired at me
I'm sorry to hear this. This must be a terrible way to live, constantly in mortal fear of attacks from the other side. I will be the first to admit that I cannot relate to this, I've always lived in peaceful/stable environments (touch wood).
Can I pose a completely hypothetical counter-question, based on your own question with one variable changed: If it were somehow true that Hamas was firing rockets from _within Tel Aviv_ hospitals and/or using _Tel Aviv_ hospitals as a base of operations, would you consider it justified for the IDF to bomb that hospital?
> I'm sorry to hear this. This must be a terrible way to live, constantly in mortal fear of attacks from the other side. I will be the first to admit that I cannot relate to this, I've always lived in peaceful/stable environments (touch wood).
Thank you. I will say that there are people in much worse situations, we still feel relatively normal, except for running to bomb shelters a few times a day and except for the worry that worse is coming. But we're in the center. Many Israelis have had to evacuate their homes and probably won't be back for months.
And of course, the Palestinians in Gaza have it much worse than us, even on a good day.
> Can I pose a completely hypothetical counter-question, based on your own question with one variable changed: If it were somehow true that Hamas was firing rockets from _within Tel Aviv_ hospitals and/or using _Tel Aviv_ hospitals as a base of operations, would you consider it justified for the IDF to bomb that hospital?
An interesting question. I suggest you think about it the same way as what would happen if bank robbers took over a bank in New York, and were firing rockets at the population - would you consider bombing the bank justified? If it were the only way to prevent mass casualties outside the bank, then yes, I think it would be (and would be effectively what the police/army would do.)
But here's what makes this situation unrealistic/different: If Hamas had taken over a hospital in Tel Aviv, the hospital wouldn't continue to operate like normal. The people in the hospital would either evacuate, or would fight Hamas. If Hamas somehow managed to take over the hospital anyway, we'd be talking about a hostage situation where Hamas had a hospital-full of hostages. Then probably what would actually happen is we'd send in soldiers and/or police to try to root them out by force.
If they were somehow holed up in there, and were actively firing rockets that were killing people, then I assume there'd be some determination of whether the army/police were able to remove them quickly, before the death/damage from their rockets proves too much. If not, then for sure there'd be a discussion of whether bombing the hospital is the right choice, though it would have to be a pretty extreme situation (since ground troops probably would be able to get in, and the hostage casualties would be far too high in directly bombing it.)
The difference with the situation in Gaza is obvious IMIO. Whereas in a hospital inside Tel Aviv, Hamas is surrounded by an endless amount of Israeli ground forces that have access to it, inside Gaza that's not the case. I imagine this is actually one of the reasons for the large bombing campaign - to prepare the way for ground forces to invade, so that among other things we can surround any building with troops.
I think it suffices to say that quite a bit of thought and justification would precede striking a hospital in all of these scenarios. I do hope that this level of thought and consideration is standard operating procedure in the retaliations right now. Mainly to restore some morcel of faith I have in humanity. But I, and those disconnected from internal Israeli military comms (ie most of us) can't be sure.
The political optics/rhetoric aside, the images that I see of wounded children are heartbreaking. The recounts I've read about what happened on October 7th are horrifying. If the stats are accurate, they are depressing as hell. This war has amassed almost a fifth of the total civilian death toll of the 20-year long US War in Afghanistan. In. One. Month.
Collectively I think we can agree that this needs to stop. I hope it stops. But given the track record of skirmishes and hostilities in the region, I'm losing faith.
If the statistics of civilian and children deaths are even 50% accurate, even if Israel succeeds in destroying Hamas, I fear the collateral damage and the cost of human life will just create a future generation of armed boys who all lost their parents in air strikeS in October 2023. They might just call themselves something different.
And so the cycle continues.
I know many people on both sides alike want peace. But it will take a truly superhuman person to walk across that border and say "I forgive you."
When that day comes, a person who's death would be mourned by both sides, we may have some hope.
Until such a day, stay safe. I'll go give my kids a hug now.
I've found that, for me anyway, one centered large monitor with enough real estate for your daily tasks is better than N smaller monitors. This is even if "total number of pixels" is larger on the N-monitor setup.
It's one less decision to make 1000 times a day (which monitor should this thing be on?), and reduces neck strain resulting from switching your focus between monitors.
I'm pretty sure the stated intent of the redirect is to prevent phishing (that is, provide an opportunity for Google to warn users about visiting a known dodgy site). The ability to track is just an added bonus!
Microsoft does this too with Teams. Links that my colleagues and I share with one another to _internal company sites_ get link checked then redirected. Microsoft must have a treasure trove of data about external company employee browsing habits as a result.
I would have infinitely more respect for companies that are upfront about their intentions, no matter how nefarious: "we're doing this to help protect you from phishing. But also, 99% of links are probably not phishing. So this feature really enables us to collect data to track what you do, and perform analytics to improve our bottom line".
I DESPISE these links from Outlook and Teams (not sure if it is specifically the teams implementation or something else).
I don't know about your company but mine has us do these phishing tests and training videos all the time and then we get rid of one of the safety features that they keep hammering us about.
I can't just look at the URL before clicking it. I once "fell victim" to one of our phishing tests because I clicked the link in the email. And its like... well we have been trained by our own email system that the only way to actually see the validity of the link is to click it.
Those corporate phishing tests are often administered by KnowBe4, and KnowBe4 identifies their phishing emails with custom email headers (can't remember what it is off the top of my head). So if you view the source code of an email and look for the obvious KnowBe4 header, you can tell ahead of time.
It just frustrates me that I have brought this up multiple times, wondering why we are paying to do this training and then we can't actually do the training.
Like it would be one thing if the URL then just had the full URL in it and we could still see where it was going. But no, it is a completely obfuscated URL.
The worst part is, it isn't like it takes you to a page to verify you actually want to go to this link. It just takes you right there assuming you are on a browser that has approved that it can open links from your email.
I really really want to do know what good this does AT ALL besides likely checking some checkbox for something.
In their defence, curl isn't completely benign in this case. You just confirmed to the person who sent you the link that your email address is valid and reaches a person.
Also, there's no reason to believe that you're curling the same redirect as you get from clicking the link.
There's this thing compromised webservers do where, if you type in www.example.com into your browser, and go straight there, you get the normal web page. If you click a link from Google, and have a google.com referrer in your request, you get a little bit of JavaScript included that that redirects you to another site to buy herbal remedies or fake watches or whatever.
If you are the business owner and go directly to your home page to see what's what, you think everything is fine; if you are a tech trying to debug it and you curl the webpage, everything looks fine [unless you curl with a referrer set]. You probably think Google has the wrong URL or something.
Likewise -- I don't know what a click-through from an email client looks like, but it wouldn't surprise me if there's an identifiable header or referrer or something. If that's the case, you could write your malicious URL shortener to redirect you to www.example.com/ if you curl it bare, or www.exam.ple.co/m/ if you have the redirect header. Curling the URL in question doesn't necessarily prove it's safe to click on.
Not that depressing. Audit your current web server configurations. You can dump the in-memory representation generally. Diff it with the on disk representation, and bam. Instant canary. If you're worried about a tainted on disk version, do the integrity check against a version invisible to the outside net.
Also, redeploy configs and reload on the regular, and you essentially force an actor to get an active foothold on your system to re-exploit and persist the compromise.
It's not impossible to defend yourself against these types of things if you're vigilant. You can also script your deployment to the point where you can nuke your site from orbit with minimal impact, and reestablish it. It's all about your threat model.
But yes. Things like nginx, apache & co are remarkably comprehensive in the things you can configure them to do. I find that my most dreaded part of standing up a new service is inevitably writing the load balancer/host web server configs.
You're completely right of course, and I hadn't considered that.
However, there's apparently people scraping and reselling (or bribing employees, dunno) corporate directories. In my case everyone has firstname.lastname@corpo.com, so judging by the high volumes of creepy ass, targeted corporate spam I get on my work mail... this is hardly a public secret.
Not necessarily? What's stopping an email server from probing links in all incoming emails regardless of valid recipient for malware analysis purposes?
In fact, I would be surprised if, e.g., Gmail, does not do this.
Our tests (outlook email) motherfucking bypass user filters too. I wrote some so I’d never have to worry about these damn things, but they go right through.
Guess I’m going to have to configure an actual user-agent email client that won’t screw me when someone else asks it to.
It's the word "win" that bothers me in this context.
Until one sees that conflicting models can make "security" a zero sum
game, in which your security is my insecurity and vice versa, there is
only psychological splitting, posturing and clamour for the "moral
high ground".
Indeed, even using the word "security" as a bare noun is a mark of
presumptuousness. One must always ask; Security for whom? Security
against whom or what? Security to what end?
Unilaterally imposing a harm (leaking of data) upon others is
disdainful, but then offering "security" as your reason/excuse, is
condescending, since you do not know what my security needs are and
how they are prioritised.
When it comes to messing with my data or devices "for my own good" the
only proper response is "I'll be the judge of that!"
Many then respond that "people are too stupid and need a firm hand",
which is not a good look, and frankly cuts to the core of so many
problems in technology today.
Companies like Google need a better moral, sociological and
psychological map of reality before putting on their boots and
marching off down the road of good intentions in the direction of
Hell.
Interesting, I wasn't aware Google had actually stated "we don't use this data for tracking, and we only use it for link protection" (does it?).
Assuming true: you are right in that it's basically no-win. The fact that Google draws so much revenue from advertising makes it difficult to reconcile.
Nothing short of a third-party code audit of Google's code against their asserted privacy policy would appease everyone. And even then, there would be doubters.
More importantly: Google is in a jurisdiction that can mandate warrantless surveillance orders that require realtime surveillance of given selectors (i.e. IPs or users). They comply or they go to jail.
Even if the stated and official policy of Google is to never track these, and everyone at Google is 100% on board with this and will never change, they are subject to being Agent Smith'd at any time by the FBI/DHS and NSA and CIA and the rest of the US IC, critically: without probable cause or a search warrant. The US has abandoned the rule of law and the constitutional protections against unreasonable search. This applies to every single US-managed services vendor.
The decision to track or not track is simply not in their hands. If they get handed an NSL, a FISA order, or a regular old search warrant, they have to start turning over everything they have.
Third-Party Doctrine nips pretty much every expectation of privacy in the bud before we even get to things like special carve-outs for Law Enforcement.
As long as SCOTUS holds that business meta-records shared with a third party intermediary waive any expectation of privacy, the 4th Amendment is basically moot unless you self host everything.
Things might change for the better if everyone can get there, it'd basically ruin the raison' de etre of many of the business models currently espoused/searched for opportunities to implement here.
The Government loves when you build a platform. The Government hates when you enable everyone to set up their own platforms.
> The US has abandoned the rule of law and the constitutional protections against unreasonable search
Those constitutional protections protect US citizens anywhere and noncitizens while they are in the US. Warrantless surveillance of communications affects noncitizens outside the US. The US is still very much a nation of laws.
Human rights to privacy do not hinge upon location or citizenship.
Indeed, the declaration (written by British crown subjects) makes it clear: “that all men are created equal, that they are endowed by their Creator with certain unalienable Rights”.
It doesn’t say “all americans”. The constitution doesn’t grant the rights, it merely recognizes the existing ones... but you already know this.
> Warrantless surveillance of communications affects noncitizens outside the US.
We have also learned, again and again, that it affects US citizens, too, in violation of the law. The IC doesn’t care that much beyond keeping up appearances that they comply with the law.
These are the same people who ran torture centers, lied to Congress, got caught, and hacked Congressional computers to delete evidence, then got caught doing that, too. Nobody went to jail or was even charged.
> Indeed, the declaration (written by British crown subjects) makes it clear: “that all men are created equal, that they are endowed by their Creator with certain unalienable Rights”.
Three problems:
1. The Declaration is not the law of the land, nor does it grant "constitutional protections."
2. None of the inalienable rights it lists are protection against warrantless wiretaps.
3. Some of the rights clearly don't apply to foreigners because the Constitution, which is the law of the land, provides for warmaking.
> The constitution doesn’t grant the rights, it merely recognizes the existing ones... but you already know this.
The Constitution says how the government works. A society can decide to require court orders for surveillance or not. The US government requires them, while the British government does not.
> We have also learned, again and again, that it affects US citizens, too, in violation of the law. The IC doesn’t care that much beyond keeping up appearances that they comply with the law.
We've learned exactly the opposite from both recent leaks and from oversight reports. They try to follow the law closely.
Since U.S. public school districts and students under the age of 18 use Google Docs pretty much exclusively these days, this seems like a privacy lawsuit waiting to happen.
I’m sure they can just print out a little pamphlet to shove in the Chromebook box that says “by being in the same room as this computer you agree to blah blah blah”. US consumer protection laws are worthless.
I encounter similar annoyances with things like "link previews" (impossible for an internal site, or one which requires authentication), and as a result have come to slightly "obfuscate" all links I send through such software. Sometimes I just don't send any links at all --- something like "HN item 37776492" suffices.
Where I work the onboarding sheet instructs you to make a custom search engine for servicenow because it's way faster to bang in the record number than to use a link in Teams.
How does the fact that most links aren’t phishing links play into anything? Maybe we don’t need AV because most files aren’t viruses? You had enough of a point without this.
> Maybe we don’t need AV because most files aren’t viruses?
Since you used that example...
How would you feel if everyone in their neighborhood got assigned a private security officer that sits in their apartment doorway all day and notes who comes and goes? The company argues that it's to protect from the thieves and fraudsters, and indeed there are always some break-ins or grandparents scammed somewhere. Oh, and everyone gets an officer free of charge - it's paid for by the ads they wear on their vests and that play regularly on their walkie-talkies. Would you trust the security company that all the notes, taken by a person in the privileged position of observing everything in your home, will only be used to prevent crime and nothing else, ever?
Back to your example - AV companies are quite shady these days, and their products not all that useful relative to costs/damage and snooping they do.
This is a weird example you posed because it's a real thing. It's called a doorman and it's very popular in new york (it's considered a luxury to have one)
Indeed. Except in that poster's example, imagine the doorman isn't merely looking over the building. Every door in the building has a doorman. The doorman to the building is more palatable because it's beyond their capacity to monitor all activity and movement through the building.
The League of Meticulously Documenting Doormen on the other hand is a much greater threat to privacy. We're increasingly in jeopardy with regards to implementing that. The more we don't push back against unnecessary logging, the bigger the problem we're building socio-technically.
I see your point, but comparing this with an off-line AV scanner with a regularly updated internal database (assuming that's what you meant) is not an apt comparison.
The analog would be an AV scanner that sends a list of your files/hashes to a centralised server somewhere, so that the company can target ads related to your file contents (or sell your data...), in addition to warning you about viruses.
Agreed that % true positive is not a factor in whether or not to have a given security feature. But it is merely convenient that the vast majority of the usage of this "link protection" feature would benefit Google/MS and not the customer/user (assuming that Google/MS are data mining, which is yet unproven in this use case).
> The analog would be an AV scanner that sends a list of your files/hashes to a centralised server somewhere, so that the company can target ads related to your file contents (or sell your data...), in addition to warning you about viruses.
Is there an antivirus program that doesn't do this? I've been assuming for a very long time that windows defender does, Norton/McAfee/Avast too. I'd be shocked if they didn't
I largely agree with you, but GP didn't specify they are talking about an off-line AV scanner. In fact Google itself has an online AV scanner that scans attachments in gmail, files downloaded in Drive, etc.
> I'm pretty sure the stated intent of the redirect is to prevent phishing (that is, provide an opportunity for Google to warn users about visiting a known dodgy site). The ability to track is just an added bonus!
Yep, I've long conjectured that Excel is what sells MS office. Every other product in the Office suite, including PowerPoint, has very viable alternatives.
Excel has a 100% a strong-hold in most finance departments. I've worked with many finance professionals who's very first instinct for any type of work is to open Excel. When interacting with any data outside of Excel, they'll demand a way to get it into Excel.
It’s JS rather than Python, but Google Apps Script is quite useful for this, IME.
I once wrote a small app to add up all shared expenses among a group of roommates and calculate how much each owed the others. It pulled together rent (recurring), various utilities (from my gmail) and one-off shared expenses (e.g. toilet paper) from a Google form/spreadsheet, added in any money owed from the prior month and generated a nice report, in what ended up being 100-200 lines of code after a few years of living together.
To be clear: I'm not bashing Excel. Agree that there isn't a viable alternative for explorative table manipulation, and the experience of "think/change/see-results" is second to none. I myself use it for low-stakes tasks such as personal budgeting and quick analysis to validate my assumptions on tabular data.
Key word there is low-stakes. I think Excel gets a lot of heat because it's often found used in contexts where it's wholly inappropriate to use (eg driving critical production decisions from SalesAnalysis_JimVersion_v1.8_FINAL.xlsx). That's not really Excel's fault.
They just announced this, but it runs python in an azure container - not sure how it hooks into excel unless excel is also running in the cloud, but a lot of people would want to run it locally instead.
I’m a very happy (and I believe competent) Apple Numbers user. The only thing I miss from Excel is recursive evaluation (which is necessary for evaluating certain financial models).
