Hacker News | YeGoblynQueenne's comments

>> You can’t have production secrets sitting where they are accessible like this. This isn’t about AI. This is a modern “oops, I ran DROP TABLE on the production database” story. There’s no excuse for enabling a system where this can happen and it’s unacceptable to shift blame when faced with the reality that this is exactly what you did.

I'm not sure it's as simple as that. Seems like the database company failed to communicate clearly what the token was for:

>> To execute the deletion, the agent went looking for an API token. It found one in a file completely unrelated to the task it was working on. That token had been created for one purpose: to add and remove custom domains via the Railway CLI for our services. We had no idea — and Railway's token-creation flow gave us no warning — that the same token had blanket authority across the entire Railway GraphQL API, including destructive operations like volumeDelete. Had we known a CLI token created for routine domain operations could also delete production volumes, we would never have stored it.


Rereading the post, I think it’s even simpler than that. The volume was shared across multiple environments. Specifically it was shared across staging and prod. Yet another example of the company YOLOing with their production environment. Presumably a token scoped purely to staging could have deleted that volume anyway, because it was part of the staging environment. Mixing production and staging like this is a train wreck waiting to happen.

“I had no idea what this token was for” is also not a valid excuse. That’s negligence. Everything about this story says the author is just vibe coding garbage with no awareness of what’s really happening.

* Doesn’t know what kind of token he’s using.

* Has prod tokens sitting on a dev box for AI to use (regardless of the scope!).

* Doesn’t know that deleting a volume deletes the backups.

* Has no external backup story.

* Mixes staging and prod.

And then he blames the incident on other companies when he misuses their products. (Railway certainly had docs that explain their backups and tokens.)

This is catastrophically negligent.


Did the flow ask them explicitly for scopes? If not, then they should know there are no restrictions.

It also seems, from the post, that customers were "long asking for scoped tokens" so who and why assumed that this particular token can only add and remove custom domains?

The author is getting roasted here and not without reason.


Sounds more like a self-imposed penalty by the author. I mean I can read most of the world internet without such a message so I don't know what it even means.

This is what the UK government wants. Kyle has spent an insane amount of effort to get answers from OFCOM, got none, and as such blocks the UK for self-preservation. The UK wants to fine non-citizens for violating online purity rules, so this is the result.

Blame the UK for this bullshit. The rules say you must geoblock the UK or be fined, and then sometimes you still get fined anyway.


Demanding that a bureaucracy promise to not fine you or pre-clear your behavior is just not how things are done in any other realm of business.

I have no problem blaming the UK government for all sorts of bullshit, but in this case I don't understand who says the UK has to be geoblocked. I can read literally hundreds of thousands of websites on the internets, it's just this one that seems to have a problem.

My educated guess is that the author is just being precious because he disagrees with the UK Online Safety Act. Everyone else seems to sort of ignore it and move on, so all that this does is that I can't read his site from the UK.

Or, rather, I could use a VPN but I can see here: https://archive.ph/iYLUO that it's a pdf article on some AI stuff. A previous article from the same site posted on HN (https://archive.ph/eXuD0) was also some commentary on using AI.

So is the author implying that the Online Safety Act will cause him to be fined for a couple of articles on AI, or what? What's supposed to be so objectionable to the Online Safety Act on his website that compels him to block the UK from it?

I mean, I'm asking because I really can't tell.


Such a delicate balance.

The US 'free speech over everything' also allows anti-science and conspiracy theories.

But this UK example seems to be a good example of why allowing all the US Crazy is a better option.


What exactly is the example?

Sorry, I'm in the UK so I haven't read the article that the author has decided to block my access to.


That block is the example.

The author has said he blocked it because of UK regulations.

If the UK is making authors be defensive and block their own stuff, or face legal charges, it is a little backwards to blame the authors for the blocking.


Yes, well, the author seems to be blocking access to make a point about being forced to block access. Which is a bit, you know. Really? OK, I don't need to read your stuff, I can read literally hundreds of thousands of other pages on the internet without their authors throwing a tantrum.

>> By far, his most significant contributions to the games industry came in the realm of dice design. Zocchi founded Gamescience in 1974. He was the first to create polyhedral dice for the U.S. market, and is credited with designing the D3, D5, D14, D24, and D100. The D100 was named the "Zocchihedron" in his honor (see "Have A Nice Day!").

And I happen to own at least one of each of those specialist dice. And many more still. I think I have a die with faces for most even numbers from 2 to 100 and also some of the odd ones too.

OK now you all know I'm a nerd.


The "Zocchihedron" is a single die with 100 sides, but most games that use a d100 simulate it with two d10s instead (reading the ones on one d10 and the tens on the other). So the truth is that Zocchi's die is more a novelty and less influential than it might appear at first if you take the title as written.

Yeah, a real d100 is just too impractical for actual gameplay. Super neat, but two d10s is far more usable.

> Yeah, a real d100 is just too impractical for actual gameplay. Super neat, but two d10s is far more usable.

We had one for our AD&D sessions and we'd definitely be using it. AFAIR it didn't necessarily roll for very long but it was a bit hard to make sure what number was really the one at the top. Still: it had a cool factor.


>> So what was valued? Physical robustness. Strength, perhaps brutality. Competence in physical tasks. Honesty. Parentage. Birth order (see primogeniture.) Those matter in pre-technological societies, and they matter in failed societies now. Those are perhaps humanity's core values.

You're ignoring the astronomers of ancient Mesopotamia, the scribes of Egypt, the grammarians of India, the philosophers of ancient Greece, the orators of Rome, the physicians of Islam, the scholars of the Middle Ages, the masters of the Renaissance, and all the great natural philosophers, mathematicians, physicists, biologists, of all the ages up to 1800.

We are a technological civilisation, a scientific civilisation. Who do you think comes up with all the technology? Alexander, the Great Butcher? Attila the Hun? Jenghis Khan?

We live in the civilisation that was born in Athens, not in Sparta. Knowledge and wisdom always are the greatest power that shapes reality. This won't change just because OpenAI made a viral app.


There's literally an ancient text called `The Satire of the Trades` which basically just pumps up how nice it was to be the ancient world equivalent of a white collar worker.

>> Unavailable Due to the UK Online Safety Act

>> Now might be a good time to call your representatives.

Turns out you can bypass that sort of nonsense the same way you can bypass paywalls:

https://archive.ph/eXuD0


>> The supervisor still needs to know what the answer should look like, still needs to know which checks to demand, still needs to have the instinct that something is off before they can articulate why. That instinct doesn't come from a subscription. It comes from years of failing at exactly the kind of work that people keep calling grunt work.

i.e. science.


Hold it in for three days. Then you're ready to go in a flash.


That would probably make it take longer. A safer bet would be three really strong cups of coffee and two bran muffins.


or get someone who's lactose intolerant and make them drink a carton of milk.


The US no longer uses its army for defense. Nobody in their immediate region dares attack them, they're too powerful ("Godzilla", in the words of John Mearsheimer). All the wars that the US has fought since WWII are nothing to do with defense. Just look at the Wikipedia article on "power projection":

https://en.wikipedia.org/wiki/Power_projection

The leader image is ... a US aircraft carrier (the USS Nimitz). That's what the US uses its military power for, to influence events in lands far, far away from its territory.

But, now, tell me which one of the many wars that the US has fought in after WWII did not end in disaster. Afghanistan? Iraq? Korea?

There was a meme doing the rounds the other day: "Name a character who can defeat Captain America". The answer being "Captain Vietnam". The US has faced humiliating defeat after humiliating defeat while bringing death and destruction and immeasurable misery to millions around the world.

That is what HN users seem to have an "anti" sentiment for. If you watch the news you'll be able to tell that this goes far beyond HN. The whole of US society seems to be extremely tired with those "forever wars", those senseless excursions to faraway lands, that not only do not secure US interests but turn world opinion more and more against the US. Even the US' closest allies now fear the US: vide Greenland. Anyone with more than a video game or comic book understanding of how the real world works would do well to be concerned.

Edit: also from EU, btw. Greek but living in the UK.


>The whole of US society seems to be extremely tired with those "forever wars",

This is the main thing I would disagree with, as an American who rubs elbows with conservatives quite a bit.

A large amount of Republican and conservative Americans want war. They're primed for a war they haven't had this generation. There are a lot of relatively young conservatives who are eager for war. A weird number of Republicans don't think we lost Iraq or Afghanistan, or a few other wars, so they aren't tired of it yet.

Like 15-25% of Americans also believe in some form of the end times prophecy involving Israel. I'm not kidding about this. The number really is that high. A lot might not openly state that they believe in it, but they were raised under a religious teaching that says it will happen. Hegseth, literally, has a crusades tattoo and openly talks about eradicating Muslims on his weekly or monthly sermon.

But yes, a majority of Americans, like 60%, are extremely tired of ongoing wars. But I can also drive to towns in the western US where Trump still has majority support and they will openly say they support the Iran war. America is really polarized and a lot of conservatives only talk about this stuff to family now.

I grew up super rural and have to deal/work with very religious conservative Americans often enough. There are a lot more of them than people think. They've just learned to self-segregate and keep to themselves and say things a certain way.


Yeah, I’m sure you are giving a very charitable interpretation of those conservatives. As far as you talking about a percentage of Americans “believing in some kind of end times,” do you have that same derision for Arabs that the Quran is true? I imagine not. There is a much higher percentage there. It’s so ironic the condescension leftists have for Christians but not for more Muslims.


As an American, I think a better metric for outcomes of Korea, Vietnam, Afghanistan, and Iraq is: were we trading with them before the war and are we trading with them one generation after the war? The same is even true of WWII, a more important marker afterward is that we spent the rest of the 20th century trading prosperously with Japan and Germany.

Korea: the south became an economic powerhouse with whom we now trade for critical computer components and is a generally reliable ally in the region.

Vietnam: we now trade with them happily and enjoy generally productive relations, largely because they fought us for less than two decades but fought China for centuries and centuries.

Iraq: we aren't yet a generation past, but the government they have now is better than what they had under Saddam Hussein, even if it was almost immediately subverted by Iran. And jury is out on Iran because that hot war just started.

Afghanistan: we aren't yet a generation past, but very likely the most clear failure in this list. I remember thinking in high school (during the active phase of the war): "if we actually want to make a difference, we'd have to stay a century or more, and we don't have the will to do that the way the British or Russians tried to, and even they ultimately failed to make any local changes."

Europeans also need to realize that everyday Americans don't actually care about Europe very much and never truly have. It took the Lusitania to get us into World War I, Pearl Harbor (and Hitler's declaration of war) to get us into World War II, and the credible threat of the Soviet Union to keep us in Europe for decades after the war. The husk of Russia at the center of the Soviet skeleton isn't a credible threat to America, and the American reversion to the mean of isolationism began as the Cold War ended. That reversion completed sometime between 2010 and 2015. There is a new credible threat, but that is China, and even to well informed Americans Europe is slipping from their attention.

Most people in Trump's government probably don't care that much about reopening Hormuz quickly. Gas prices are only truly spiking in U.S. states where local environmental regulations have obstructed access to domestic and regional supply, and the largest of those states (i.e. California, New York) have broken against Republicans in every Presidential election (9 of them in a row) since the end of the Cold War.


> As an American, I think a better metric for outcomes of Korea, Vietnam, Afghanistan, and Iraq is: were we trading with them before the war and are we trading with them one generation after the war?

At least you're honest. Personally I can't believe someone would think it's OK to invade someone else's country and massacre civilians on the scale of Vietnam or Korea in order to establish profitable trading relations.


It’s easy when you worship money and consider people of other races or cultures as less than human. Not that I am advocating for this view of course but a lot of Americans do even if they won’t admit it.


And what do people from Arab countries think of non-Muslims? This passe anti-Americanism on here is so boring.


What do Jewish supremacists think of non-Jews? See? I can play the whataboutism game too. Anti-Americanism might just be because of the repeated wars of aggression that harm the rest of the world.


You're talking about some small group of people or something. I'm talking about 95%+ of a population. Nice try, though.


> Personally I can't believe someone would think it's OK to invade someone else's country and massacre civilians on the scale of Vietnam or Korea in order to establish profitable trading relations.

Strange. I don't remember writing that trading relations afterward justify the initiation of a war. Instead, I only remember writing that it is a better metric to assess the outcomes.

It's stranger still that you read these things between the lines, when my comment specifically includes a recollection of my own disquiet with the Afghanistan War, probably the most justified war of the four enumerated, that I felt while the war was happening.


Interesting idea. You are missing Cuba from that list. There was not a war but we haven't reestablished commerce with them.


American reaction to the Cuban Revolution was deeply incompetent. The Bay of Pigs is up there with the Iran Hostage Crisis and the withdrawal from Afghanistan (and specifically from Bagram) in the list of stunning foreign policy blunders of the last hundred years.

We still don't trade with Cuba, and that is a clear sign of ongoing foreign policy failure. But who knows, in a year's time we may be trading with Cuba again. We're trading with Venezuela now.


> Vietnam: we now trade with them happily and enjoy generally productive relations

Yes, but .. what was the actual objective again?


Nominally, stopping the spread of communism in Asia. Actually, stopping the spread of Chinese and Russian influence in Asia.

Our politicians did then and do now frequently miss the trees for the forest when assessing foreign crises (and I'm inverting that saying deliberately). Ho Chi Minh was a nationalist first and a communist second, but all our leaders could see was a monolithic, global communist bloc. In fairness to them, hindsight is 20/20 and the Sino-Soviet split wasn't obvious to outsiders until the late 60s or early 70s.


Consider the cost on local civilians of the Vietnam and Iraq wars (the GWB war likely killed more Iraqi civilians than Hussein did in 24 years). And the literal trillions of dollars these wars cost. And the real possibility that regime change could have occurred anyway by less horrific means. Are you getting at a tiny silver lining or do you actually think these wars were remotely a good idea?


> Are you getting at a tiny silver lining or do you actually think these wars were remotely a good idea?

I'm getting at outcomes, whether or not a war is a good idea in the first place. War is never a good choice, IMO, but can sometimes be a necessary choice or an inevitability.

It's perfectly reasonable to point out that a war initiated for the wrong reasons had good (or some good) outcomes, or that a war initiated for the right reasons had bad (or some bad) outcomes. And that all war is ultimately terrible.

Our own Civil War was initiated for the right reasons and yet it became the bloodiest war in our history. More Americans died during our Civil War than during all our other wars put together, and Britain was able to end slavery across their whole empire without any war at all, though at great national expense (continuing payments until 2015 or so) and with some bloodshed on the seas.


Shahed drones have a maximum range of 25000 km [bbc_1]. The distance from e.g. Isfahan to Tel-Aviv is ~1592 km [google]. Shaheds can reach Israel from Iran.

As to them all being intercepted, in the 12-day war that seemed to be the plan, i.e. force Israel to waste interceptors on cheap drones [bbc_2]. That seems to have changed in the current conflict.

_______________

[bbc_1] With a maximum range of 2,500km it could fly from Tehran to Athens.

[bbc_2] When Iran attacked Israel with hundreds of drones in 2024, the UK was reported to have used RAF fighter jets to shoot some down with missiles that are estimated to cost around £200,000 each.

Both excerpts from:

https://www.bbc.co.uk/news/resources/idt-b3a272f0-3e10-4f95-...

[google] https://www.google.co.uk/maps/dir/Isfahan,+Isfahan+Province,...


> As to them all being intercepted, in the 12-day war that seemed to be the plan

That's doubtful, these are different interceptors than the ballistic missile interceptors (AA missiles). That doesn't make sense as a strategy if they cannot hit any targets.


You need an edit on your first range (typo). 25Mm is amazing, nowhere is too far away (except the moon).


Well spotted, my bad, too late now.


During WW2, the British used Spitfires to shoot down V1s. The V1s, pushed by a simple pulse jet, I presume are much faster than the drones. So some WW2 aircraft could be re-armed and used to shoot them down cheaply.

The British also employed a belt of radar-guided flak guns to shoot them down.

I don't hear any comparisons with the V1s, so my idea must be stupid, but I'm not seeing the flaw in it.


I think a big difference is that asymmetry has grown a lot: The modern drone is much cheaper than any manned aircraft (while V1/V2 needed comparable or greater industrial input compared to fighter planes).

If you want to scramble manned fighters (even WW2-style ones!) every time cheap drones are launched then the pure material cost per intercept might be acceptable (no guarantee here: you need more fuel and your ammunition is potentially more expensive than the drones payload, too), but the pilot wage/training costs alone ruins your entire balance as soon as there is any risk of losing the interceptors (either from human error/crashes or the drone operator being sneaky).

Big problem with stationary AA is probably coverage (need too many sites) and flak artillery is not gonna work out like in the past because the drones can fly much lower and ruin your range that way.


The V2 was so expensive it was rather catastrophic to the German war budget. V1s, on the other hand, were very cheap to make and deploy.

> you need more fuel

Not much of a problem.

> and your ammunition is potentially more expensive than the drones payload

I'd say it's on par. A few rounds into a slow moving target moving in straight line would be easy to hit.

> the pilot wage/training costs alone ruins your entire balance as soon as there is any risk of losing the interceptors (either from human error/crashes or the drone operator being sneaky).

The US somehow managed to train an enormous number of competent pilots in WW2. I doubt there would be any shortage of men eager to fly them and "turkey shoot" the drones down. And there'd be a lot of mechanics falling all over themselves to build those machines!


A lot of people might find the idea fun, but actually sitting around in some remote base, just waiting for the next wave of drones to come? Even if you draft those people "for free", they could be working (or raise a family) instead, so the human cost is always there.

In WW2, the US lost ~15000 airmen just in training accidents to crew the ~300k planes it built. I'm sure we could get that rate down substantially with modern simulators and safety investments (=> also not free), but human lives simply got comparatively more expensive (and competent pilots were not that cheap back then either).

The attacker, meanwhile, is certainly gonna lose less men building and controlling the drones, and he can afford at least 10 attack drones for every interceptor you build.

If you did something like this on a larger scale, a big concern would also be that your manned interceptor aircraft simply become targets themselves, so the "low-risk turkey shooting" could quickly degrade.

I do expect (non-suicide?) interceptor drones as countermeasure at some point (specifically against the "cruise missile with props" style of attack drones, less so in the FPV weight class), and those could be conceptually quite similar to old prop fighters.


The marginal cost of a fighter aircraft to shoot down a drone flying slow in a straight line would be minimal, especially compared with the expense of each guided counter-rocket.

As for being targets themselves, the drones would be in enemy airspace so who/what is going to target the fighters?


I don't see how you realistically get airframe cost below $200k; you need basically a cropduster with a bunch of electronic equipment and weapon systems on top. That's worth 10 attack drones at least (realistically, US military would probably pay several times that).

> As for being targets themselves, the drones would be in enemy airspace so who/what is going to target the fighters?

Something like a Sidewinder strapped under some of the attack drones. If you create the incentive (juicy, trained pilots exposed in slow aircraft engaging at low range) your opponent is gonna adapt. Exactly this evolution happened with Ukraine sea drones (already shot down several Russian aircraft).


> 10 attack drones

It seems as if you anticipate airplanes being destroyed at the same rate as drones? You're right, that doesn't work.

But the idea of airplanes with machine guns is it is cheap to destroy the drones.


A V1 was 30 feet long with a 20 foot wing span, and had no evasive capabilities.


Do the drones being launched by Iran have evasive capabilities?


Unlikely but they can be intelligent about their trajectory. That is, avoid known areas of resistance, use natural features for protection.

Being slow moving as they are, they are quite vulnerable to countermeasures after they have been detected. I expected A-10s, helicopter gunships guarding critical infra, but have not heard of anything like that in the news.


A10s are expensive overkill, and helicopters are too slow.

Piston engine airplanes are plenty fast enough and cheap to build and deploy.


Now that comes from an authority :)

