🔑 @polar_sh now supports two-factor authentication! (strongly recommend enabling it!)
Powered by my brand new open source lib Reauth; couldn’t dream of a better battle test 🔥
I've got an agent in a loop optimizing a renderer with the goal to minimize frame times (and tests to measure). It got times down from 88ms to 2ms and allocations down from ~150K to 500. Sounds good, right? Wrong. This is exactly why agent psychosis is a big fucking problem.
As an experiment, I rewrote the Ghostty core render state in Go, with access to identically laid out data structures as Ghostty and the exact same validation tests. I made a purposely naive renderer (simple, correct, but slow). 88ms per frame with 150,000 allocations (horrendous, lol)!
I then kickstarted a Ralph loop to bring the frame times down. I told it it can't modify input data structures or the public API or tests (they're correct), but it can do anything else it wants. It got to work.
It has worked for about 4 hours. I've spent around $350 on this experiment so far. The results?
88ms => 1.5ms
150K allocs => ~500 allocs
Incredible right? Nope.
My hand-written renderer I ported has frame times (same benchmark) of ~20us (0.020ms) and 0 allocations in the update path.
This is the problem with psychosis and lacking systems understanding. If you don't understand the system, you're going to accept that this is an incredible result. If you understand the system, you'll see better solutions immediately and can do roughly 75x better on throughput.
The people who blindly trust agent output are in the former camp. They're sheeple, overdrinking from a fountain of mediocrity.
Standard disclaimer: I use AI all the time. I like AI. The point I'm making is to not blindly accept results. Think. Analyze. Learn.
Introducing the Polar Startup Program ✨
Need robust payments, usage billing & sales tax taken care of? Get our Scale tier for free for 12 months.
> Slack Channel with the Polar-team
> P1 Support
> 3.40% + $0.30 per transaction
Apply today → https://t.co/JOCZ9sfuux
Supply chain attacks and OSS sustainability go hand in hand. I've semi-seriously joked for years that OSS upstreams should periodically purposely inject full vulns into their code and let downstreams fuck around and find out. Downstreams can pay to get the non-FAFO version.
The not joke part is simply that OSS maintainers aren't a supply chain. OSS maintainers are not responsible for monitoring CVEs (because, they are not a supply chain). OSS maintainers are not at fault when bad shit happens to downstreams, because basically every OSS license (MIT, Apache, GPL, etc.) literally says: the software is provided "as-is, without warranty." You get what you pay for (that is to say: absolutely nothing!)
Now, the joke part is that I do believe there is an ethical obligation to try to prevent harm downstream. But "try" is the key word. So, this isn't a serious proposal.
But, if you're using OSS code and you're not paying for a license with a contract that promises some kind of warranty, you have no supply chain. You (the downstream user of an OSS lib) ARE the supply chain.
To use a metaphor: physical goods have a real supply chain. Car manufacturers, chips, clothes, toys, etc. You have a signed commercial agreement with all your suppliers that promises quantity AND quality and blowback if either are missed. That's a supply chain.
If someone puts some chips on the side of the road with a "FREE" sign, then you integrate those into a product, then find out those chips are hacking customers, it's your fault, not the person who dropped them on the side of the road.
@pilcrowonpaper Absolutely none IMO. I would even say it’s a bad idea: data integrity and consistency provided by SQL is a security feature for such a critical flow.
THIS IS HUGE! 🚀
If you are a startup, moving to @polar_sh would make more sense than ever now.
👉 Less fees than other processors
👉 No need to worry about VAT and other taxes
👉 A dedicated Slack channel with us (and me ❤️)
Support is a known Achilles' heel for Merchants of Record.
We've always been praised for ours (mostly – nobody is perfect), but in February, we started seeing it get away from us – reaching ~600 tickets/day in the backlog.
Excited to have aggressively turned the trend around despite 10x in growth.
→ Hired a Director of Merchant Operations to help scale our support, risk and success team.
→ We shipped our own AI support chat.
→ We shipped our own continuous account review agent.
→ We shipped self-review onboarding against our AUP and integration requirements.
→ We've shipped a ton of internal tooling
→ We've answered 5,000+ tickets
We're far from done, but excited about the momentum in the right direction.
We're officially in talks with Story Kitchen and Evan Spiliotopoulos about making our long dream of a Broken Sword movie a reality!
We hope you understand that we can't go into more detail about any of this just yet, but here is the Variety exclusive that just went live 🍿📽️
This is the 3rd (!) time I've tried to come up with my vision of a great auth library in 2 years. This time feels like the good one.
What changed?
I have a clear goal: have MFA in place in @polar_sh before June.