Hacker Newsnew | past | comments | ask | show | jobs | submit | aszen's commentslogin

Claude code is not infra, the model is the infra. They changed settings to make their models faster and probably cheaper to run too. Honestly with adaptive thinking it no longer matters what model it is if you can dynamically make it do less or more work.

reply


Same here. Reviewing gets harder too and multi tasking kills any kind of productivity if you need to review the code then.

My approach these days is to do one change at a time, until I can fully merge it with confidence.

reply


This is quite interesting, will try it. I kind of expect this to be done continuously as the code base changes.


This article doesn't mention the moat of data gathering, frontier AI labs have a huge advantage in curating proprietary datasets from actual usage of their platforms.

This in turn allows them to optimize their models for the long tail of tasks that open weight models can't compete with.

Another factor is that pure intelligence isn't enough, how the model communicates is a huge plus. An enterprise used to talking to Claude all day won't be easy to switch to another model


Seems like you are testing llms genric abilities rather than your actual agent logic.

Llms are like vendor code you don't need to test them yourself people already created benchmarks for that.


No they haven’t. The benchmarks suck, because they are cheap knockoffs instead of comprehensive experiments.

LLMs are poorly tested by vendors. They literally can’t afford to test them, so they force us to do it.


If you buy real handcrafted scarves they are both thinner and warmer than anything factory made bcz of their choice of pashmina wool.


So the new implementation always operates at the line level, replacing one or more lines. That's not ideal for some refactorings like rename where search and replace is faster.

Edit

Checking ohmypi The model has access to str replace too so this is just a edit till


I bet writing the code directly could have been even faster, llms aren't magically fast


> llms aren't magically fast

They literally are.


I had to make a small CSS change yesterday. I asked the LLM to do it, which took about 2 min. I also did it myself at the same time just to check and it took me 23 seconds.


I wonder why we are even storing secrets in .env files in plain text


This wouldn't have made the front page if it was: "How to not store your secrets in plain text"


I would also prefer not doing this. Does anyone know of any lightweight, cross platform alternatives?


I use sops and age, originally loosely based on this article: https://devops.datenkollektiv.de/using-sops-with-age-and-git...

I originally set up the git filters, but later disabled them.


Perhaps I'm off base here but it seems like the goal is:

1. allow an agent to run wild in some kind of isolated environment, giving the "tight loop" coding agent experience so you don't have to approve everything it does.

2. let it execute the code it's creating using some credentials to access an API or a server or whatever, without allowing it to exfil those creds.

If 1 is working correctly I don't see how 2 could be possible. Maybe there's some fancy homomorphic encryption / TEE magic to achieve this but like ... if the process under development has access to the creds, and the agent has unfettered access to the development environment, it is not obvious to me how both of these goals could be met simultaneously.

Very interested in being wrong about this. Please correct me!


You can accomplish both goals by setting up a proxy server to the API, and giving the agent access to the proxy.

You setup a simple proxy server on localhost:1234 that forwards all incoming requests to the real API and the crucial part is that the proxy adds the "Auth" header with the real auth token.

This way, the agent never sees the actual auth token, and doesn't have access to it.

If the agent has full internet access then there are still risks. For example, a malicious website could convince the agent itself to perform malicious requests against the API (like delete everything, or download all data and then upload it all to some hacker server).

But in terms of the security of the auth token itself, this system is 100% secure.


That's clever.

Did you make this account to tell me this? Thank you!


You’ve got my intent correct!

Where I’m at with #2 is the agent builds a prototype with its own private session credentials.

I have orchestration created that can replicate the prototyping session.

From there I can keep final build keys secret from the agent.

My build loop is meant to build an experiment first, and then an enduring build based on what it figures out.


https://www.passwordstore.org/

You can easily script it to decode passwords on demand.


If your .env file is being sourced by something like direnv, you can have it read secrets from the secret storage service and export them as env vars.

If you bind-mount the directory, the sandbox can see the commands, but executing them won’t work since it can’t access the secret service.


https://devenv.sh/integrations/secretspec/


I would like an answer, too.


How? You don't know what the llm was trained on and don't know if it has any bias. Imo llms are a disaster for knowledge work because they act like a black box.


Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: