tlonny's comments

Presumably because API keys are n bytes of random data vs. a shitty user-generated password we don’t have to bother using a salt + can use something cheap to compute like SHA256 vs. a multi-round bcrypt-like?

Correct.

Even a million rounds of hashing only adds 20 bits of security. No need if your secret is already 128 bits.


I can't understand what you are trying to say :o

How are you storing the API key in your database?

hash of the API key just like passwords

I think they are saying passwords are salted and we use multiple rounds of hashing to prevent rainbow tables and slow down brute-forcing the password (in case of a DB leak). We don't need to do that for randomized long strings (like API keys), no one is guessing a 32-character random string, so no salt is needed and we don't need multiple rounds of hashing.

OHHH that makes sense!
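An added example, not code from any commenter in the thread: the storage scheme discussed above, with a 128-bit random API key stored as a single unsalted SHA-256 digest beside a password stored with a per-user salt and a slow KDF. The function names, the dict standing in for a database table, and the use of PBKDF2 (in place of the bcrypt the thread mentions) are assumptions of this sketch.

```python
import hashlib
import hmac
import math
import secrets

def new_api_key(nbytes=16):
    """Return (key shown once to the client, hex digest to store)."""
    key = secrets.token_urlsafe(nbytes)  # nbytes * 8 bits from the OS CSPRNG
    return key, hashlib.sha256(key.encode()).hexdigest()

def verify_api_key(presented, stored_digest):
    """One SHA-256 pass, then a constant-time comparison of the digests."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    return hmac.compare_digest(digest, stored_digest)

def lookup_owner(presented, table):
    """Unsalted digests are deterministic, so the digest can be the lookup
    key itself. `table` is a dict standing in for an indexed DB column."""
    return table.get(hashlib.sha256(presented.encode()).hexdigest())

def stretch_bits(rounds):
    """Work factor added by iterating a hash `rounds` times, in bits."""
    return math.log2(rounds)

def hash_password(password, rounds=600_000):
    """Low-entropy secret: a per-user salt defeats precomputed tables,
    many rounds slow down guessing after a database leak."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify_password(password, salt, stored, rounds=600_000):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    key, digest = new_api_key()
    table = {digest: "service-account-1"}  # constructed sample row
    print("owner:", lookup_owner(key, table))
    print("bits added by 1e6 rounds: %.2f" % stretch_bits(1_000_000))
```
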

Bugginess in the Claude Code CLI is the reason I switched from Claude Max to Codex Pro.

I experienced:

- rendering glitches

- replaying of old messages

- mixing up message origin (as seen here)

- generally very sluggish performance

Given how revolutionary Opus is, it's crazy to me that they could trip up on something as trivial as a CLI chat app - yet here we are...

I assume Claude Code is the result of aggressively dog-fooding the idea that everything can be built top-down with vibe-coding - but I'm not sure the models/approach is quite there yet...


how does it work?


I'm hoping to do a Show HN soon :)


Indeed - the future is RL meet-ups and small, intimate online communities.

Perhaps not the worst thing in the world?


Counterpoint: https://reddit.com/r/MyBoyfriendIsAI/

People will prefer the bots that give them head pats and tell them they're so smart and that they love them


I don't necessarily think that is a stop-gap against people socializing more offline/being socially productive online.

Especially considering the fact that it seems more the case that the bigger stop-gap is what we already have:

In Asia (especially Japan) it's host(ess) clubs.

Globally for friends it's influencers exploiting loneliness.

Those are things I think have to go for people to embrace offline socialization or using their online time better.


This is the optimistic take I’ve held.

Bots get so good that they become indistinguishable from humans. If that’s true then it doesn’t actually matter if your community is all bots. But it does matter because authenticity matters to humans. They will seek authenticity where they can successfully sense it, which will be in-person.

Human simulacrums will one day cause a repeat of this issue. Then we’ll have a whole Blade Runner 2049 issue about what exactly is authenticity?


> Perhaps not the worst thing in the world?

Definitely not. “Terminally online” is as deleterious as it sounds.


Yeah, you're completely right. Maybe this will be the impetus a lot of people need to detach from online.


I’d love something like this implemented for email.

Sending an unsolicited email to a random person X requires you to pay a small toll (something like 50p).

Subsequent emails can then be sent for free - however person X can “revoke” your access any time necessitating a further toll payment.

You would of course be able to pre-authorise friends/family/transactional emails from various services that you’ve signed up for.

This would nuke spam economics and be minimally disruptive for other use cases of email IMO…


>transactional emails from various services that you’ve signed up for

These are one of the main culprits of unwanted emails... and a toll system would make them all the more valuable for the even worse actors to take advantage of.


HN may not be “mainstream” but it is certainly _very_ vulnerable to bot spam given the topics discussed and the make-up of the audience.

You can already see it happening now - at least the bots that write like vanilla Claude/ChatGPT. Presumably there is a much larger hidden cohort of bots that are instructed to talk more naturally and thus are better adept at flying under the radar…


I would say that HN has a lot of features that would be seen as draconian in how much they limit your interaction by other platforms.

You can barely comment before you are rate limited.

You can’t upvote until you’ve been around a pretty long time.

New accounts are given a green badge of dishonor that makes users scrutinize their comments more.

I’m not saying these are bad things but they’re probably too restrictive for a social media network that’s just meant to be a good fun time.


If you are rate limited, a moderator has manually applied a rate limit to your account. Accounts are not rate limited by default. You can appeal the decision by emailing hn@ycombinator.com.


I think there's a short-term rate limit applied to everyone, e.g. you get a message if you try to post three replies in the same minute. I've seen it once, and I don't think I'm active enough to have earned a manual flag.


The karma points you get on HN are worthless, which I think is a bonus. They don't buy you anything. On Reddit, for instance, many parts of the site are walled off until you have "farmed" enough karma to participate.


Not exactly true.

You get the right to downvote and if I promote my totally not a scam product on HN, people will check my user account and see: oh wow, over 9000 karma? Gotta be trustworthy, when in truth it's just been karma farming.

HN does limit some of it, but it's not a panacea.


I don't know, never found much value in karma. I recreate an account at least once a year for no particular reason and it roughly takes me a week to get enough karma to do what is important (flagging posts).


My account is literally 4 years old and I'm not even halfway there.

How do you do it?

And I'm trying to limit myself from saying unwanted things like criticizing ** or saying something nice about **. (Self censoring to avoid downvotes).

Maybe I should be more active.


I don't know. Just have something niche to share, be interesting. Don't be afraid of downvotes.


I’ve never seen people on the likes of blackhatworld selling hacker news accounts or services. The glass half full take on this is that hn is surprisingly robust in its ability to deal with vote manipulation.


Look at his other comments - it's textbook LLM slop. It's a fucking tragedy that people are letting their OpenClaws loose on HN but I can't say I'm surprised. I desperately need to find a good network of developers because I think the writing is on the wall for message boards like these...


Repugnant.


Doors - A first person, exploration game/experience that I built from scratch.

Doors lets you explore URL addressable 3D rooms that link together seamlessly via portals. The idea is that people would upload rooms to the internet (to github, S3, whatever) and connect them together to form one giant inter-connected space that would be a real trip to explore.

Right now rooms consist of a:

- Manifest JSON file that points to requisite resources and configures portals

- An optional skybox

- An optional background music track

- A .vox file containing voxel terrain data

Here is a video I filmed on my phone of flying through a room that links back to itself: https://www.youtube.com/shorts/BCqOYTISS_k

Portals can be arbitrarily sized and everything is prefetched/loaded seamlessly in the background.

I'm nearly done - I just need to add in a very lightweight interface and give the code a bit of a spit shine (I will open source it - so I want it to look pretty)

EDIT: As an aside, I finally decided to give this whole Claude Code thing a go - I purchased a max subscription and I'm trying to write as little code as possible. I certainly wouldn't call what I'm doing "vibe-coding". I discuss a feature in plan mode (incl. how I want to implement it in high level terms) iterate on the plan 2-3 times until I'm satisfied and then let it rip. I'm both very impressed and quite frightened by the productivity boost...


Funny stuff, that's cool.


0.0005%*

