Hacker News | sleepybrett's comments

coordination must mean, 'i've been threatened legally by'

That's a lot of companies for a guy so young. Probably gets the boot a bunch.

"sent from my iphone" originally meant more than just "i have a fancy phone that lets me send email" in the early days it meant "I'm not at my desk right now."

the premier golang debugger is called delve. Also you must not hang out w/ many ttrpgers.

I mean I use it and then it seemed like everyone was acting like it was a weird llm only word.

I get the criticism but also I don't get the criticism.

Thank fuck that someone found this bug and let them and the rest of us know about it so we can protect ourselves. My forgejo instance was already running on my tailnet with no public exposure but had been considering public disclosure of it for some collaborators.

There has been a lot of talk around forgejo as an alternative to github for months now. To now understand that their security posture seems to be, 'like, yaknow, whatever...' is disturbing.

I think both parties can take this opportunity to mature. I understand that Forgejo is a community project, but community projects should have standards or very explicit disclaimers when it comes to security.


The growing popularity of the project + an increase of AI-powered security enthusiasts submitting random bugs has created a HUGE backlog for the Forgejo security team.

Instead of acting like this, the author should offer to help the project.


I think the author would argue they did try to do so, but their efforts were poorly received.

The author doesn’t owe forgejo anything. They are doing them a favor by highlighting the issues

No, the author is seeking attention. He is not doing forgejo or their users any favours by completely ignoring the rules of engagement

https://en.wikipedia.org/wiki/Coordinated_vulnerability_disc...


coordinated disclosure has always been a courtesy (with a deadline to motivate the vendor to fix their stuff) and i don't like how people seem to just expect it now

'we know we sold you 50 gallons of gas, but you are only allowed to use 40 gallons.'

Nobody ever uses more than 40 gallons though. So if you do, you're abusing the system.

If I'm making a lot of short journeys in the heavy traffic I'm using a lot more than someone who commutes 20 miles on the quiet country roads.

Your assumption that having higher use is abuse is malicious and wrong.

It may be uncommon but it's as legitimate as someone else's.


So making someone pay for 10 gallons of gas they're not allowed to use is fine with you?

but only on days that end in y.

> "AI can solve this one problem, but it needs X, Y, Z, because it's not an omnipotent god entity"

0 advertisements from openai or anthropic say this. They all sell you an omnipotent god entity.


Skill issue in thinking.

> There's an incredibly serious lack of education with how LLMs & carb-counting works. This entire article would be better suited to astrology.com than hackernews.

This is because the people who promote these technologies, and the companies that sell these technologies, engage in a massive amount of puffery (aka hyperbolizing aka just straight telling lies).

These technologies are painted as the magical solution to whatever problem you have (all it costs you is a few tens of thousands of tokens, aka your water supply). There is literally nothing they CAN'T do if you will just let us build these gigantic small town destroying, noise polluting, water and electricity hungry 'AI data-centers'. So that we can use those datacenters to sell you more tokens to put into their slot machines.


it might be interesting to use unused or extra wifi cards to support this. My pc motherboard has both wifi and ethernet and I only use the ethernet. That card does absolutely nothing at all.
