I've never worked on android/iOS and I know very little about sensors. I'm trying to learn through this experiment. If I can get rid of Strava and some other apps along the way with a simpler core that would be fun.
I too was and wanted to only blame communication overload. Especially with work the hardest thing in ai times seems to be the overload of stuff/shit to read that is too easy to write.
The reality is I agree with the op and I see the loss of reasoning power in myself. I've been using native Emacs on android for a bit and finally have gotten serious about config for it. I got lazy and had Claude do some of it. Which was great untill things don't work because there's not going to be my crazy ask in the data. It was painful for me to sit down and think through my configuration and the problem but I did it.
I am absolutely torn on the technology still two years after adopting it.
I'm a big trackpoint fan and proud owner of an X1 Carbon Gen 7 Thinkpad, but I would not recommend this keyboard.
The build quality is pretty bad. Sometimes the keys fail to type and the keys' mushiness makes for an unsatisfying typing experience. I have two but this was after buying a total of 4 and returning the two defective ones.
If Lenovo were to replace the cheap feeling plastic casing for alumninum, it would be a game changer.
I'm hoping the new framework keyboard can become my new daily driver, replacing the trackpoint keyboards I currently use.
I assume it's something like mine. I want a phone I can dock and use as a desktop with a monitor and mouse/keyboard. That is just a phone when undocked.
We have reactive UIs and desktop mode on android. It's getting very close. I am not certain on the previous commentors reasons but I detest the many device game. A 500 dollar pixel 10a is a great computer and I would rather not buy another machine if I dont have to.
And if every iPhone was also a Mac when attached to a monitor and keyboard, monitors and keyboards would become entirely common - as with the hotel example.
My iPhone 15 Pro Max is more capable than a MacBook Neo; it’d be nice if it could be one.
Not trolling here but these things are by design cesspools ready for compromise. Any fully open ecosystem where contributions are not strictly reviewed is open to this problem. If you don't like it, don't use editor extensions and use a well audited editor.
If you want to use extensions or node packages or pypi packages without doing a detailed review you're accumulating technical debt. You're assuming a risk in order to ship rapidly. You can either pay that down at some point under control, or bear the interest when it comes due.
I mean I don't think some sort of "access control" within the editor is going to really address this. People edit sensitive text in their code editor and no matter what that is going to be available to most useful extensions. Even if you don't lose a credential or get some arbitrary script running to mine crypto on your machine you could have an extension function as a key logger and exfil code you really think is valuable.
It would have restrained the access here. The extension would have only had access to the repos opened by this individual rather than an api key that gave access to 3,800 repos.
They probably should have some permission system where the default extension is only able to operate within the repos open at the time and has no internet access. Then you can grant internet access for the ones which genuinely need it.
The majority of VS code plugins are just syntax highlighers and linters which don't need any dangerous permissions.
Most of these problems could be solved with something like wasm/wasi where you can limit access to web, disk, etc... WASI is made to run code you don't trust, you could even limit compute third party is using so they can't mine crypto (I think it's called fuel limit). Ideally we would have whole IDE run in this kind of environment where we can explicitly say what it can and can't do.
It's easy to wave a magic wand and have one developer do better than a corporation of tens of thousands. There is a reason I don't use Microsoft products: I can't do it myself and do won't do it for me.
Just some fun I had this morning buying a song before work. I use amazon music as you can still just pay money and get MP3/etc files. I camp a lot so offline music is something I'm "into" I guess.
Not sure when this issue began but it's probably a regression in the last month or two, I've downloaded albums earlier this year.
Not trying to say AI is the culprit just pointing out that quality in our industry is just going down the shitter fast. I did try it with no extensions turned on. Realistically the cause could be safari, I didn't bother opening chrome.
That's great until it's some essential government, medical, educational, etc. service that you have either no alternative to or no alternative that isn't also using the same thing. I'm already being slowly and incrementally softlocked out of some (fortunately non-essential so far) sites either by cloudflare or other more subtle "anti-bot" networks as time goes on, including some like I've listed above. I can only expect this will continue until it's something I can't avoid.
For some reason, I'm softlocked from booking tickets from Deutsche Bahn. The website errors out with a cryptic "Your browser's behavior resembles that of a bot." message with no option to try again or pass a captcha or whatever. The website itself described several possible solutions but none helped (I tried using different computers, different internet connections, even a phone connected to internet using a SIM from a different country).
As for now, when I need to travel to Germany, I just book tickets through the national carrier of my home country, which for cross-border tickets often turns out to actually be cheaper than booking through DB. Thankfully I don't live in Germany proper and my need for travel there is not that high (once or twice a year at most) but I wonder what would I do if I had to move to Germany and use trains there more often.
Same problem but with French equivalent SNCF (sncf-connect.com). I just checked and can confirm nothing has changed. You cannot use up-to-date Firefox on Linux to access the main booking site for French rail tickets.
Access is temporarily restricted
We detected unusual activity from your device or network.
Reasons may include:
-Rapid taps or clicks
-JavaScript disabled or not working
-Automated (bot) activity on your network (IP X.X.X.X)
-Use of developer or inspection tools
I just opened the developer tools, then chose 'Separate Window' from the menu. The developer tools are now on my other screen, and then I clicked Reply to your message. The developer tools window that I had open is not relating to this tab, but when I opened Developer Tools for this tab, it remembered that I wanted it in a separate window and did so again. The viewport should not have changed at all..?
No, it won't, and this mechanism should not be used by anyone, but it'd at least ensure that people aren't forced to use it to interact with their government.
With the new reCAPTCHA this is going to happen because most human visitors will actually be unable to pass the CAPTCHA. It will be interesting to see whether this makes websites ditch reCAPTCHA or whether they literally just don't care about having customers, an attitude that seems to be getting more and more common every day.
I have been unable to give my money to Home Depot, REI and a growing list of online retailers because they use Akamai EdgeSuite, which just assumes I am a bot and 403s on protected API calls. This happens consistently on any IP and any browser on my Linux desktop/laptop.
There are not enough words to describe how much I hate Akamai EdgeSuite. So many random validation loops and 403s across different physical computers, different operating systems, different connections and even countries. A couple of services I need use it and it's 30% I'll make it past their stupid "protection".
It has a zero percent chance of reaching anyone who can do anything about it.
You could try handwriting and posting a letter to their CEO. I think that sometimes works. Probably not very often but there are more than zero CEOs who read those letters.
Maybe they'll figure it out when their revenue drops next quorter or the ones after that?
I was thinking in the same terms: you put up a QR capcha, you don't get my traffic and money. Just the amount of extra work needed, let alone the Google tracking turns me off. As if traffic lights, crosswalks and bridges weren't enough of a hassle.
You can also send an email if you're lazy. In both cases the CEO probably won't read it but a more than minimum wage secretary probably will pass it on to corporate customer support which IME is a lot more useful and the regular support that the company wants you to use.
REI Co-op has an Annual Members Meeting in Seattle, where it announces the results of the board of directors election.
The 2026 one happened Feb 5. Apparently the presentation is only 8m long, some saying it's pre-recorded and it's near-impossible for members to submit a question that actually gets answered:
One problem with these things is that businesses have minimal visibility on the amount of users they lose.
On the opposite, if they see reports of many visitors not completing the captcha, they're likely to think "Wow so many bots!!! This defense nowadays is indispensable..!".
Sometimes you need to pass a captcha even to contact them (if you want to tell them that you can't pass their captcha).
I wanted to give money to charity and they have whole form protected by recaptcha. So I would have to allow all my personal information and amount donated sent to google (and agree with google terms for data processing). I have contacted them but they did not understand why this is problem they just wanted to protect themself against bots. IMHO unless those things are not disallowed by antitrust laws we have lost.
I suspect this is a real problem for charities, though. If those bots are using stolen credit cards, the "donations" are going to cost the charities money after they pay extra fees to the credit card processors. Nonprofits are sometimes used to test stolen credit cards before making more profitable fraudulent transactions, so there's a real risk of it costing them money if they get rid of the captcha but don't replace it with something sufficiently high quality, even after accounting for the occasional lost donation.
Merchants often pay a chargeback fee on top of refunding the main charge. Additionally, merchants with lots of fraud or other chargeback issues are likely to be dropped by payment processors or see their general fees with payment processors get more expensive.
> most human visitors will actually be unable to pass the CAPTCHA
Most human visitors will never ever notice the change. reCAPTCHA is completely invisible for most human visitors because they are allowed to pass just by fingerprint.
It's not like an average user is going to have to scan a QR code every time they visit a site via web browser. If it were like this then it would be a non-issue because no sane website would adopt this system. But it isn't.
This is not true, maybe in the US, but in many countries you get captchas all the time with residential connection and also in public places all the time, internet cafe, airports, cafe wifis and so, they'll at least get it once, that way there is a permanent fingerprint correlation with real identity, I can bet that EVERYBODY will get it at some point so Google and other people on board with this atrocity (webmasters are also accomplice) can finish-up the master plan.
>> whether they literally just don't care about having customers
So every government website. Every website where people simply have no choice (DMV) or where failure to login results in them not claiming the money/benefits they are due (all tax websites). And every website handling post-sale complaints (Airlines, insurance).
> Stop visiting sites and using services that use reCAPTCHA. Problem solved.
Not solved at all: 99.999% of users don't give a damn and use a Google-signed Android.
My opinion is that because they don't give a damn does NOT mean regulations should not protect them. What Google is doing here is anticompetitive and they should be fined (antitrust and all that).
I don't see the correlation with Google-signed android actually, people really want to have this friction when they visit a website? Like having to get your phone from another room, use camera and all that to access a website? This is so anti-pattern and is also disrespectful toward consumers, any webmaster participating into this imo should rethink his career and morality.
There is, but at least in the US neither party cares. They want to get rid of anonymity online, one to throw anyone who googles "trans" in jail, and the other because their biggest donors are tech companies that want to denonymize everyone.
Our antitrust laws have been toothless for decades, and both parties love billionaires controlling the rest of us with an iron fist.
GrapheneOS is looking more and more worth the headache that my limited free time generally does not like. I don't need Google to know my smut fanfiction is written by my IRL.
Felt same way about GrapheneOS but a few friends set it up so i gave it a try. It is easy to install and use. As evidence, I gave my 70 year old father one and he loves it.
When my friend was telling me about GrapheneOS I was thinking back to the old days of android custom roms, all the bugs and bullshit, the time I couldn't dial out to 911 because my custom ROM crashes when I did, or other issues. So I gave it a pass.
However he's been on it now for months and every time he shows me something on it I get a little more jealous. Everything seems to be working fine, including e.g. bank apps, and he has interesting features like some kind of app zoning thing limiting permissions on a zone to zone basis.
The only problem is it's only available on massive phones without headphone jacks and SD card slots, so I'm sticking with Xperia for now.
> Ask HN: Did HN just start using Google recaptcha for logins? [0]
> dang
> No recent changes, but we do sometimes turn captchas on for logins when HN is under some kind of (possible) attack or other. That's been happening for a few hours. Hopefully it goes away soon.
The other problem with this is that there are few CAPTCHA alternatives.
CF turnstile is one, but of course that means Cloudflare owns even more of the web.
HCaptcha is inaccessible and actively discriminatory against individuals with disabilities and refuses to change, to the point that I suspect the only way that they will do anything is to file a class-action against them and sue them into the ground.
And I... Can't think of anything else. Other than to just get rid of Captchas entirely.
You could just have a custom one that asks domain-specific questions (and ones which will trip up LLMs are not hard to come by.) I've seen a few forums ask such questions for registration, long before the rise of LLMs.
There are other captcha alternatives like Turnstile, for example Private Captcha, Altcha etc. - they are owned by mostly “small” independent companies, they are not visual captchas (proof-of-work based) and very accesssible.
At least in my country (Poland) you should be able to make a pretty bug fuss and resulting in them fixing it, if indeed one of ego services made you leak all your data to Google.
Compliance is what makes all that shit possible. Sadly most people are compliant and made so by gradually increasing their dependency on "commodities" which really are anchors to a shit lake.
Suddenly I have been made aware that, having lost my paddle on Shit Creek, I will eventually be taken downstream to Shit Lake (where it appears I will inevitably drop anchor).
Oh just wait, the AI phone service on their side will be more than happy to complete your device attestation key challenge by touch tone. We have to make sure you are still you after all!
But in all seriousness, many services are making it difficult through to impossible to communicate outside of their web or app platforms. Call centres are expensive and messy, and it's now apparently acceptable as a society to treat customers/clients/whatever as adversaries so they can get away with making it hard to communicate with them.
I was unable to book a doctors meeting through the clinic's website, so I declared "screw tech" and called their call center, which still worked better. The app just searched for the "first available spot" and never found anything. If they axe the call center I'm going to have to go to their place.
> Are you comfortable with anybody being able to ring up the hospital and say "yo, it's majorchord, how are my gonnorhea results?"
No, that's why we have safety protocols in place. When you call a doctor they ask you for your birthdate or sometimes also a PIN/password on your account to protect your data.
How would that still be considered a breach of privacy?
Alright. I didn't know that. "Just call them" did not sound like it included any kind of authentication procedure.
But giving birthdate (available to anyone via a single query in a public database) and (sometimes?! - what?!) PIN over the phone wouldn't really be considered good enough here. Birthdate is, as I said, public knowledge. And a phone is too insecure a medium for transmitting a password.
I'm not super interested in an long argument about whether it's reasonable that this isn't considered secure or not. I'm just letting you know what reality looks like. And the reality is that "just call them" is not a solution, because such information will simply not be handed out over the phone.
I've never worked on android/iOS and I know very little about sensors. I'm trying to learn through this experiment. If I can get rid of Strava and some other apps along the way with a simpler core that would be fun.
reply