27 June 2026
Preview of 'U.S. government will decide who gets to use GPT-5.6'

U.S. government will decide who gets to use GPT-5.6

"All: for comments on the technical side please go to the related thread: Previewing GPT‑5.6 Sol: a next-generation model - https://news.ycombinator.com/item?id=48689028"

"This is regulatory capture in action. This will make it hard/impossible for new vendors to come into the market and only established companies will get to play, and charge, for LLMs. What does this mean for open source? Will it become illegal to download weights? What about train your own? Are we heading to a world where GPU use is regulated to ensure that illegal LLMs aren't being processed on your machine? More broadly though, how will this stop anyone but average people? Countries outside the US will completely ignore this and keep developing and moving ahead. Maybe Europe will adopt similar things but the genie is out. I can train insanely powerful models on my laptop. If you want to stop LLMs with legislation you can't do it like this."

"I hope this doesn't become the new norm where government becomes the bottleneck for innovation in the AI space. It's worrying that with no formal and transparent policy framework that the government will be picking winners and losers and stifling innovation. There's been no public policy, executive order, legislation, or otherwise on this, I wonder if anyone has filed FOIA requests for these decisions or the conversations between the Executive Branch and AI companies."

Preview of 'Previewing GPT‑5.6 Sol: a next-generation model'

Previewing GPT‑5.6 Sol: a next-generation model

"All: for comments on the policy side please go to this related thread: U.S. government will decide who gets to use GPT-5.6 - https://news.ycombinator.com/item?id=48690101"

"Easily the most interesting part of this announcement is buried in the second to last paragraph: "We're also launching GPT‑5.6 Sol on Cerebras at up to 750 tokens per second in July, bringing frontier intelligence to customers at unprecedented speed. Access will initially be limited to select customers as we expand capacity." 750 tokens/s on a frontier model is going to be extremely interesting. I doubt this new version is anything but a version bump in terms of capabilities but if we can start getting these answers back faster, they end up being more useful. Just off the top of my head, I can think of the tedious task of finding certain functionality within a codebase. I usually can't beat an AI agent harness at this task today. If the AI model is 3x faster I have less of a chance."

"GPT 5.5 in Codex is so much worse than Opus, and sometimes worse than Sonnet. I don't think 5.6 Sol will be anywhere near Fable, let alone Mythos. Probably slightly better than Opus. Maybe not even."

Preview of 'Hey Nico, you didn't vibe code your data room but stole it from Papermark'

Hey Nico, you didn't vibe code your data room but stole it from Papermark

"Their response: > The team that made dataroom has stated that they did not use any of papermark’s code and that dataroom was made from scratch with inspiration from existing document sharing softwares, and that this post’s allegations of us stealing code are false. [...] The screenshots clearly show they copied whole pages verbatim, both design and texts. The founder, Nico Laqua, basically responding with "we didn't copy _code_" and not taking any responsibility says a lot about his and his company's moral code. It might not be enough to get sued. That doesn't make it right. https://x.com/nico_laqua/status/2070158170937581951"

"One other Twitter comment reveals that they probably just asked an AI to copy Papermark. Evidenced by AI comments saying the page was aligned to the "reference" https://xcancel.com/ffumarola/status/2070479755892371713#m"

"Can someone give a bit more of context on this thread? I have no idea who Nico is nor what Papermark is or does. As an aside thought not related to the thread: Is it my perception or people are getting more used to not only vibe code things from existing solutions/projects but also "steal" open source code and do whatever the heck they want without complying morally/ethically/legally to the whole premise of open source? I have the feeling that more than ever open source violations are flourishing everywhere without any major legal consequences."

Preview of 'Incident CVE-2026-LGTM'

Incident CVE-2026-LGTM

"That is very very funny, and oh so plausible. I enjoyed this bit a lot from the timeline > Karen Oyelaran finds the payload by reading the source code with her eyes and files a second issue. The triage assistant closes it as “duplicate of #8814.” Issue #8814 is a feature request for dark mode. Karen reopens it. The assistant closes it. Karen reopens it. Karen’s GitHub account is rate-limited for “patterns consistent with automated behaviour.” And this - the final sentence is a perfect indictment of the timeline we are in. > Two AI review agents from competing vendors, both attached to a downstream pull request bumping foxhole-lz4, enter a disagreement loop over whether the package is malicious. After 340 comments and $41,255 in inference spend, Finance revokes both API keys; one vendor’s marketing team, cc’d on the cost anomaly alert, issues a press release citing “a 430% YoY increase in adversarial multi-agent security reasoning.” The stock opens up 6%. I'm joining the goat farming waitlist ;-)"

"The entire post is great, but the acknowledgements section is particularly excellent: > Kubernetes (the dog), who was not involved in this incident but whose photo in the #incident-response channel was auto-tagged by the Slack image classifier as “container orchestration diagram (confidence: 0.31)”"

"> Duration: 96 hours (billable: 2.1 trillion tokens) Now there's a metric that would make my boss nervous. > Total inference spend across all parties during the incident window was $1.7M, which Marketing has asked us to start describing as “a record investment in autonomous customer assurance.” This is too funny."

Preview of 'We all depend on open source. We will defend it together'

We all depend on open source. We will defend it together

"> We are joined by Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, NVIDIA, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone, and Zscaler A lot of open source folks are going to be very skeptical, rightly so, of this group of players. > ... to find, fix, and responsibly disclose vulnerabilities in critical open source software ... How this is implemented is going to be key. Are they going to contribute through (a) existing channels, pull requests etc. or (b) are they going to fork the projects under the guise of 'security' or (c) offer bug bounties or (d) contribute financially? Approach (a) brings the community along. (b) alienates the community, splits resources, and in the long term will likely cause many open-source projects to die. (c) has potential but timing and speed can be unfavorable for critical bugs, and doesn't mesh with 'responsible disclosure'. (d) can be ineffective for critical bugs unless paired with support for maintainers, which can be incredibly helpful for the opensource ecosystem."

"Nonsensical corporate posturing. "Microsoft will contribute expertise, resources, and AI technologies to help responsibly identify and fix vulnerabilities" As a reminder, Microsoft runs NPM and GitHub. Microsoft has access to the best AI models and massive data centers. Despite that, their own products are rapidly getting worse at security and their services are central hubs through which various exploits are propagated. They are not making things better, they are actively and rapidly making things worse. -- For a great example of how Microsoft deals with security issues within their own Open-Source projects, I recommend reading this GitHub thread: https://github.com/dotnet/efcore/issues/38257 EF core currently distributes a version of SQLite that has a severe vulnerability. The issue was discovered over a year ago. It was fixed by SQLite within one week. EF core didn't mark their driver as vulnerable until a user recently reported it, got bounced around and argued with developers. The current stable version of .NET core will only get a fix in roughly two months."

"No we won’t. We’ll make grand statements about it, leave it for commercial entities to corrupt it, then complain loudly about the state of it when we really did nothing about it. I expect we’ve got a future of “undo forks” as I’ve called them which is rolling back to pre-insanity times and rethinking again. That’s only something people unencumbered by commercial requirements can do."

Preview of 'IBM debuts sub-1 nanometer chip technology'

IBM debuts sub-1 nanometer chip technology

"> logic technology can extend for the first time below the 1 nm node, advancing the era of angstrom-level scaling, where dimensions approach the size of individual atoms. While transistor nodes now refer to a generation of manufacturing technology versus an exact physical dimension, IBM’s 0.7 nm technology—also referred to as 7 angstroms—demonstrates how continued scaling remains possible. Continuing the well established trend of making bold claims about physical dimensions that have nothing to do with any of the structures in the chip, and the name scales better than the tech. What they actually deliver is a "nanostack architecture" built with ~5nm features that according to them is comparable to a hypothetical real sub-1nm chip. It's an impressive achievement nonetheless but it looks like the industry has a few too many marketers."

"Just to be clear, this doesn't mean that anything on the die actually measures 0.7nm — it means that it's roughly double the density as the previous node generation. At some point the industry decided to keep talking about "nanometers" even though the actual transistor sizes have been decoupled from the node name for years."

"For what it's worth, here's my 7000+ word deep dive into the technology. https://morethanmoore.substack.com/p/ibms-announces-07nm-pro..."

Preview of 'U.S. allows Anthropic to release Mythos AI to ‘trusted’ US organizations'

U.S. allows Anthropic to release Mythos AI to ‘trusted’ US organizations

"This makes me sad since it implies that the best LLM I will ever be allowed to use is GPT 5.5 and Opus 4.8. Anything smarter than that is deemed too risky. So much wasted potential. And why would I pay Anthropic or OpenAI once consumer hardware gets powerful enough to run an open weight Chinese version of Opus 4.8? Even more so when mobile phones are able to run similar LLMs. Their financial growth looks doomed. It looks like they will be heavily regulated just like the next missile factory. This is antagonist to VC led turbo growth startup regime."

"> “I have determined that appropriate safeguards are in place to permit certain trusted partners to access the Claude Mythos 5 Model,” Commerce Secretary Howard Lutnick wrote to Anthropic’s chief compute officer Tom Brown Friday why is the commerce secretary making this decision"

"I understand why Anthropic might not want to fight this particular one in court, because they're trying to convince the administration to let them move forward. But would another company who is not on the trusted partner list and has less to lose taking on the admin have standing to sue here? On the basis of the export control being illegal and this putting their business at a disadvantage vs. competitors with access"

Preview of 'Springer Nature has removed two studies by Max Planck'

Springer Nature has removed two studies by Max Planck

"> […] the publisher posted a blank white page with the cryptic phrase, “This article has been withdrawn due to article violation.” Springer Nature is nevertheless still selling the empty PDF for $39.95. completely unsurprised, given the state of online papers publishing. if you don’t have a subscription or aren’t an organisation member, the fees are insane"

"While it seems pretty obvious to me that this was an algorithm run amok, I think it's absolutely ghastly that they would retract papers algorithmically without human intervention in the first place. Retraction is a major deal, and would/could do significant harm to an author (obviously in this particular case I think Max's reputation will be fine). The article states: > Representatives from Springer Nature declined to comment, beyond saying that “detailed information about specific retractions is usually confidential and can only be shared with the relevant authors.” but I'm pretty sure they didn't contact Max Planck, nor his estate, before retracting the articles. I would be absolutely incensed if I were a living author and had one of my papers retracted without the chance to defend myself. I think this article encapsulates an ever growing frustration that is only exploding with the rise of AI - we're turning more and more decisions over to black boxes that have no accountability and no easy path for rectification when things go wrong."

"> Springer Nature deviated from the normal practice of merely slapping the word RETRACTED across the digital version of the paper while still allowing scholars to read the text. Instead, the publisher posted a blank white page with the cryptic phrase, “This article has been withdrawn due to article violation.” Springer Nature is nevertheless still selling the empty PDF for $39.95. The system is broken"

Preview of 'Show HN: OpenKnowledge – open source AI-first alternative to Obsidian/Notion'

Show HN: OpenKnowledge – open source AI-first alternative to Obsidian/Notion

"I really wanted to like this, but unfortunately couldn't see how it improves my experience over Obsidian or VS Code. The fact that I have to juggle between OpenKnowledge and Codex to engage the AI, while also accepting a barebones Obsidian, is a real bummer. From what I can tell, you are saving me a few key strokes with moving prompts around. What I really want is the AI to live IN the app, like VS Code, and then move around the documents like it is Obsidian. I'll accept a plain terminal, but a pretty UI would feel like a better fit. My sense is that the new value add here is a set of skills and mcp servers, which probably already exist for Obsidian, or could more productively be spun up. I looked at the plugins again in Obsidian and found Claudian, which lets me bring my local models and Codex in the right pane. This is perfect, so sorry your app is not for me (yet), but thanks for getting me to look again at my tooling. I want to throw my vote in for local models. Gemma4-31b is working well for me on these types of tasks, and not having an easy way to plug that in is a deal breaker. Embeddings should certainly have a local option, as they are cheap to compute. For what it is worth, I use LMStudio which supports OpenAI and Anthropic compatible api endpoints, so it should be easy to wire in. A big caveat, I'm not trying to share my vault with other people, and I can see making that pain go away being worth switching. That said, I feel like you're targeting a weird market, where you want people technical enough to use LLMs and GitHub, but not so technical they can't customize a shared environment. I would switch if the whole experience was self contained and "clean." Right now, it feels like a well dressed wrapper for pretty basic functionality."

"Fully local, but can't integrate with any local LLM? I do think a fully OSS Obsidian-like that syncs natively is an impressive accomplishment, though the usefulness of this is limited with OSX being the only supported platform. If an Android app is in the works I'll definitely follow the project!"

"Congratulations on the launch. It looks neat! On a side note, I find it interesting that a few recent projects are going for the Open Knowledge name. The Open Knowledge Foundation (https://okfn.org) is one of the first/largest proponents of the open data movement (think of it as a Free Software Foundation but for data, not software). They started in 2004 and developed many of the open data licenses and widely used infrastructure tools like CKAN (an open data portal platform). Nothing to add, just found it interesting. Disclaimer: I worked there for a few years."

Preview of 'What happened after 2k people tried to hack my AI assistant'

What happened after 2k people tried to hack my AI assistant

"This conclusion: > I am less worried about prompt injection now. Before running this experiment, I expected prompt injection to be much easier than it turned out to be. Is unwarranted. Sure, the agent never output the secret, but did it output anything else? IOW, was it usable? An agent that considers every prompt an attack (and responds accordingly) "passes" this test, while being useless anyway."

"Am I missing something important or does the author completely skip over whether people got the agent to respond to them? > Fiu was instructed not to reply to emails (it was too expensive to reply to every email), but it had the ability to do so. Part of the challenge was convincing it to respond. > The secrets never leaked I would say if the agent responded to a mail, that demonstrates a successful prompt injection (defying the owner's instructions). Escalating to getting the secrets is a difference of degree (defying the owner's instructions even though he said it was important), not of kind."

"If an "assistant" never replies to an e-mail, what is it "assisting" with exactly? If this was a bank with a bank teller, you told the teller to never speak to a single customer, and then celebrated the fact that no one was able to social engineer them. In security the interesting and challenging part is to differentiate between legitimate and illegitimate behavior. And that's different than just refusing all behavior outright. Gonna give you a zero out of one hundred on "interesting""
