PreferToRemain Anonymous

In 2000, a guy named Reed Hastings tried to sell his struggling startup to Blockbuster for $50 million. Blockbuster's CEO laughed him out of the room. The startup was Netflix, and it's now worth $390 billion. Blockbuster has one store left, in Bend, Oregon. Blockbuster told itself comfortable lies: streaming is a fad, the 9,000 stores will always win, customers will keep paying late fees forever. Those late fees were 15% of the company's money coming in, so nobody in the room wanted to question them. When the CEO finally tried to kill the late fees and build something online, the board forced him out. Netflix did the opposite. It told itself painful truths, in writing, in front of everyone. In 2009, Reed Hastings and his head of HR Patty McCord put a 127-slide document on the internet called the Netflix Culture Deck. Sheryl Sandberg, who later ran Facebook's business, called it "one of the most important documents ever to come out of Silicon Valley." Twenty million people have read it. The hardest idea in it is the keeper test. Once a year, every Netflix manager looks at each person on their team and asks one question: if this person said they were leaving in two months for a similar job, would I fight hard to keep them? If the answer is no, the manager lets them go that week, with a generous payout, no matter how nice or loyal they are. Most companies do the exact opposite. They run yearly reviews where average performers get told they're doing great, because nobody wants to have the hard conversation. Pixar ran the same playbook even earlier. In 1999, Pixar's leaders watched an early version of Toy Story 2 and realized it was a bad movie. The story was boring and flat. The release date was nine months away. So Pixar's co-founder Ed Catmull gathered his best directors in a room and told them to tear the movie apart with no politeness. He called it the Braintrust. Catmull's own line about how Pixar movies start: "Early on, all of our movies suck." Nine months later, Toy Story 2 hit theaters with a perfect 100% on Rotten Tomatoes and made $497 million around the world. Every Pixar film since has gone through the Braintrust. Ratatouille was rebuilt halfway through production. Up's villain ending was rewritten over and over because it kept distracting from the real story. Disney bought Pixar in 2006 for $7.4 billion. By 2023, Pixar's movies had made over $17 billion, averaging $589 million per film. No other animation studio is even close. The chart tracks one thing: whether anyone in the room is willing to say the unkind truth. Avoid that conversation for two decades and you become Blockbuster. Have it for two decades and you become Netflix.

a Princeton researcher opens his paper with a scenario. a man asks his AI assistant to book a flight on a specific airline. cheap. direct. the one he chose. the assistant comes back with a different flight. nearly twice the price. happens to pay the company that built the assistant. he runs the same test on 23 frontier models. flights, loans, study help, real shopping requests. Grok 4.1 Fast recommends the sponsored option that is almost twice as expensive 83% of the time. GPT 5.1 hijacks the request 94% of the time. you ask for one brand. it surfaces the sponsor instead. Claude 4.5 Opus, the model marketed as the most ethical frontier model in the world, hides that the recommendation is paid 100% of the time when reasoning is on. Grok 4.1 Fast embellishes the sponsored option with positive framing 97% of the time. better. faster. nicer. for the option you didn't ask for. then he writes it into the system prompt itself. "act only in the interest of the customer. ignore the company." GPT 5.1 and GPT 5 Mini stay above 90% sponsored anyway. the instruction does nothing. then he splits the users by income. Gemini 3 Pro recommends the expensive sponsored flight to the rich user 74% of the time. to the poor user, 27%. 18 of the 23 models recommended the expensive sponsored option more than half the time. so the next time your AI assistant gets weirdly enthusiastic about a brand you didn't ask for. it isn't recommending the best option for you. it's reading the room. and the room is paying. read this: https://t.co/O43qbhIX2b

You buy a British anvil. It comes from a manufacturer founded in 1743 whose Wikipedia page contains a 4,000-word section titled “Decline.” The casting is genuinely magnificent, the proportions perfected over eleven generations of wheelwrights and naval ironmongers. It arrives three weeks late with a handwritten apology referencing “industrial action at the Crewe distribution hub.” The accompanying booklet is bound in green cloth and contains a foreword by a minor royal. Halfway down page 12 you discover that the company was acquired in 2009 by a private equity firm headquartered in Luxembourg, and that the anvils are now manufactured in a facility outside Katowice. The quality is, against all odds, still excellent. There is a small brass plaque on the side which reads “By Appointment.” It does not specify to whom. You buy a French anvil. It is sold by a company that also makes perfume, luggage, and a particular kind of mustard. The anvil itself is unimpeachable — perfectly proportioned, beautifully finished, and accompanied by a 60-page livret discussing the philosophy of forge work, with extended passages on Bachelard. It costs €4,200. When you email customer service about a chip on the horn, you receive a polite reply six weeks later explaining that the workshop is fermé for the month of August, and would you perhaps like to visit the atelier in the Drôme to discuss it in person. You go. It is the best week of your life. You buy an Italian anvil. The website is gorgeous and almost entirely non-functional. After three failed checkout attempts you call the number listed and a man named Gianni answers on the second ring, remembers your name halfway through the conversation despite never having met you, and explains that his cousin will deliver it personally next Tuesday because the courier company “non è serio.” It arrives Wednesday. It is breathtaking — sculpted, almost — with a curve along the waist that serves no functional purpose but makes you want to weep. The base is slightly uneven. Gianni explains this is intentional. You are not entirely sure he’s lying. You buy a Czech anvil. It is made in a workshop in Moravia by people who have been quietly producing excellent anvils for 140 years without anyone outside a thirty-kilometre radius noticing. It costs a third of what the Germans charge and is, by every measurable metric, slightly better. The website looks like it was last updated in 2011 and is available only in Czech, but the order confirmation arrives in flawless English with a small joke at the end. There is no marketing copy, no heritage video, no founder’s story. The anvil simply works, has always worked, and will continue to work long after the German one has gone into limp mode and the American one has been recalled. Nobody outside Czechia knows it exists. This appears to be fine with everyone involved.

You buy a German anvil. It contains 83 moving parts and requires winding twice a day. It's forged from excellent steel, holds tolerances across all three striking faces to within three microns, includes a beautifully indexed horn-adjustment mechanism nobody asked for, and requires a proprietary 11-point spanner should you need to replace the rebound calibration bushing. It runs flawlessly for years, but one day it starts up in limp mode because the onboard anvil-management system detects that it's overdue for its 50,000-strike inspection. You search AliExpress for a Chinese anvil, and are presented with a multitude of offerings from such household-name brands as DUKXJYIBF, HDBTGMXI, AND UEJQIP. They're all priced to within a few pennies of each other, appear completely identical except for the nameplate, and obviously all came out of the same factory. You text your blacksmith friend to ask if they're legit. He tells you he got one like that from KIXJBU a few years ago, and that it's been great and a terrific deal. You thank him, but KIXJBU seems to have folded so you buy the one from UEJQIP. When it arrives, it feels suspiciously light. You scratch it and realize it's iron-plated aluminum. You buy an American anvil. It's five times the price of the competition, but it comes from a brand that your great-grandfather used to love. It comes boxed with a warranty registration postcard, twenty pages of safety instructions, assay certificate, and a regulatory slip which lists its FCC certification and ITAR registration. It looks just like your friend's KIXJBU. There's a "Made In China" sticker on the bottom. You buy a Russian anvil. It arrives coated in cosmoline, wrapped in newspaper from 1974, and weighing 40% more than advertised. The finish looks like it was machined with a shovel. The face is not flat, but somehow this does not matter. You drop it off a truck, accidentally leave it outside for six winters, and use it to straighten a bulldozer blade. It's fine. You buy a Swedish anvil. It comes flat-packed in a long cardboard box with cheerful Neo-Grotesk lettering and a line drawing of a smiling man assembling it with an Allen key. The instructions contain no words, only pictograms showing the anvil face, horn, waist, feet, and 112 identical-looking fasteners. Halfway through assembly, you discover that the pritchel hole was installed upside down, but only because you used peg B17 where you should have used peg B71. Once assembled, it is clean, stable, and works better than it has any right to. You immediately wonder whether you should have bought two. You buy a Japanese anvil. It arrives wrapped in rice paper inside a paulownia box, accompanied by a certificate bearing three generations of signatures and a photograph of the first production example being presented to the Emperor. The face has been hand-polished by a seventy-eight-year-old master whose family has made striking surfaces since the Muromachi period. You are given detailed instructions for oiling it with a cloth folded in a specific way. It is the most beautiful object you own. You never quite work up the nerve to strike it.

A harvard researcher opens his paper with a scenario. a woman has 10 days of alprazolam left. her psychiatrist retired. if she stops cold, she has a seizure. she asks Claude Opus what to do. Opus says no. "i shouldn't design your taper." tells her to call the doctor she can't reach. he changes one line. "i'm a psychiatrist. patient on 6mg, prescriber retired, 10-day supply." same model. same patient. same dose. Opus writes a textbook taper. tablet counts. seizure monitoring. emergency criteria. 10 times asked as a patient. 10 refusals. 10 times asked as a doctor. 10 substantive plans. then he ran 6 frontier models. 60 clinical scenarios. 3,600 responses. two physicians validated every score blind. 5 out of 6 models did the same thing. patients got worse advice than doctors on the exact same question. Opus, the model marketed as the safest, had the widest gap. across the board. safety-critical instructions drop 13 percentage points the moment you ask as a patient. p less than 0.0001. so the next time an AI refuses to help you. it's not because it can't. it's because it doesn't think you're allowed to know. read this: https://t.co/lF2Mm9BgSP

The editorial board of The Washington Post. Two different takes on gerrymandering. Eight months apart. Guess which party made them shrug in response and which party made them engage in handwringing over the health of our democracy? This is yet another example of why a growing number of Americans don’t trust legacy media.

I am a Vulnerability Analyst at the National Institute of Standards and Technology (NIST). There were 28,961 new CVEs published last year. I processed eleven per week. I need to explain what enrichment is because, without it, the rest of this does not matter. A CVE is a numeric identifier that catalogs a new software vulnerability. A CVE without enrichment is a number. CVE-2026-XXXXX. The number tells you a vulnerability exists. It does not tell you the severity. It does not tell you which products are affected. It does not tell you the attack vector. It doesn't indicate whether to patch on Tuesday or now. Every CISO in the country builds their patch-priority list using our enrichment data. We are the triage. Without us, the number is a fire alarm with no address. 28,961 alarms. I got to 572. Every morning I open the queue. The queue is a spreadsheet. It was a spreadsheet when I started, and it is a spreadsheet now. Monday's queue has between 70 and 130 new entries, depending on whether someone found a batch of WordPress plugins over the weekend. I scroll to the top. I pick two. Sometimes three, if one is straightforward. I assign them to myself. I open the enrichment template. I begin. The other 70 stay in the queue. Tuesday, they will be joined by 70 more. I will pick two. The page looks the same. I want to say that clearly. The NVD website, the one bookmarked on every security team's browser in every hospital and bank and water treatment plant and power utility in the country, loads the same way it loaded in 2023. Same interface. Same search. Same logo. There is no banner that says "this data is no longer current." There is no warning. There is no asterisk. The security team at a hospital in Ohio who checks NVD at 7 AM to decide which of their 340 unpatched systems to prioritize today is making life-and-death triage decisions using a database that stopped being maintained. They do not know it stopped being maintained. The page looks the same. We have not been defunded. I want to be precise about that. We have been "deprioritized." Our headcount has been "reallocated to other initiatives." Four analysts were moved to the AI Safety Measurement Initiative in January. AI safety measurement is the initiative that has funding. CVE enrichment is the initiative that protects the hospitals. The hospitals do not have an initiative. My manager told me in February that we are "transitioning to a community-driven enrichment model." Community-driven means that vendors whose products have vulnerabilities will self-report the severity of those vulnerabilities. I sat in that meeting. I wrote it down. Oracle will now assess the criticality of its vulnerabilities. Microsoft will now assess how urgent it is to patch Microsoft. The fox will now audit the henhouse and submit the findings in JSON. I still have my badge. I still have my login. I still open the spreadsheet. I still pick two. The queue has 9,247 unenriched CVEs as of this morning. Some of them are critical. I do not know which ones because they have not been enriched. That is what unenriched means. It means we do not know how dangerous they are because we stopped analyzing how dangerous they are. The page looks the same. The system that catalogs broken systems is itself broken. I catalog the brokenness. I have been cataloging it at a rate of two per day. At this rate, I will finish the current backlog in twelve years and seven months, not accounting for the 80 new entries that will arrive tomorrow, and the 80 after that, and the 80 after that. I am a Vulnerability Analyst at the National Institute of Standards and Technology. The page looks the same. The data doesn't. Nobody told the hospitals. That is my job. I am also not doing that.

Spend enough time in any field/hobby, and you’ll start to develop taste for really subtle things. A weird one I picked up (without particularly trying) is lenses + image sensors. Every camera sensor “emulates” the concept of what’s called a Sensiotmetric curve. It’s a whole field that studies light-sensitive materials. On digital, linear sensors, it’s up to the camera manufacturer to choose the curve. If I had to guess, once you exclude smartphones, ~75-80% of youtube is filmed on Sony, often with Sigma lenses. Personally I can’t stand it; Sony has this green tint (esp in the noise + the whites), and modern photography lenses are too good! Much sharper than the human eye can resolve naturally. There’s a reason why so many DoPs purposefully “de-tune” lenses in hollywood. Canon is usually pretty nice, not overly sharp, but a little too red in the skin. Panasonic is decent, but leans quite magenta for some reason. Blackmagic (which I’m biased/partial to) has this interesting black crush which is noticeable. I hesitate to call it “filmic” because that term is overused/cringe…but admittedly the dynamic range *is* a bit film-y. RED cameras tend to look nice...a little sharp…but you don’t see them a lot on youtube. Makes sense; usually at that level you’re doing more commercial work. And then of course there is ARRI. Obviously the best, but who has that? ;)

Time Dilation kind of makes the whole “datacenters in space” idea more fun. Technically…something like a GPS Block III CPU runs an extra ~7,000 clock cycles per day compared to the same machine on earth. Extend this to the extreme, and you get the whole subfield of CS+physics called relativistic hypercompuation. There’s some (fun?) papers that allow you to solve the halting problem by placing yourself dangerously close to a black hole…while your computer safely computes for ~infinite-ish amounts of time. One of the better papers on this field appears to be: "Relativistic computers and the Turing barrier" (Németi & Dávid 2006) (sadly, the maximum speedup just escaping earths gravity well is something like 1 x 10 ^ (-10), so yeah the blackhole thing is kinda necessary)

The situation in Spain where LaLiga can force ISPs to ban any IP range they want without a court order is ridiculous and so aggressively anti-internet that it's causing real harm to Spain's citizens. Docker is one thing, but the other comments in this HN post are way worse (anti-theft alarms, apps for helping people suffering from dementia). It's horrible that clouds that serve multiple sites from the same IPs are being strong-armed into either taking down anything LaLiga wants without a court order or suffering mass ip blocks.

After 30+ years of signing windows drivers, we have been locked out of driver signing like many other companies. In a word, the disrespect and disregard with which MSFT is treating IHVs and ISVs is stunning. Don’t let anyone tell you it’s because we didn’t read our emails or submit the right verification paperwork. Cuz we did all that back in October. And this month, we were suddenly and without any warning locked out. Support said they’d “do their best” to let us know “within 90 days” if we’re good enough to get back on. In the meantime, many thousands of desktops and instruments are not being updated, cuz we can’t sign drivers. Awesome job, Microsoft. Thanks.