alright2565's comments

If you are needing to version your password hashes, then you are likely doing them incorrectly and not using a proper computationally-hard hashing algorithm.

For example, with unsuitable algorithms like sha256, you get this, which doesn't have a version field:

    import hashlib; print(f"MD5:      {hashlib.md5(b'password').hexdigest()}")
    print(f"SHA-256:  {hashlib.sha256(b'password').hexdigest()}")


    MD5:      5f4dcc3b5aa765d61d8327deb882cf99
    SHA-256:  5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

But if you use a proper password hash, then your hashing library will automatically take care of versioning your hash, and you can just treat it as an opaque blob:

    import argon2; print(f"Argon2:   {argon2.PasswordHasher().hash('password')}")
    import bcrypt; print(f"bcrypt:   {bcrypt.hashpw(b'password', bcrypt.gensalt()).decode()}")
    from passlib.hash import scrypt; print(f"scrypt:   {scrypt.hash('password')}")


    Argon2:   $argon2id$v=19$m=65536,t=3,p=4$LZ/H9PWV2UV3YTgF3Ixrig$aXEtfkmdCMXX46a0ZiE0XjKABfJSgCHA4HmtlJzautU
    bcrypt:   $2b$12$xqsibRw1wikgk9qhce0CGO9G7k7j2nfpxCmmasmUoGX4Rt0B5umuG
    scrypt:   $scrypt$ln=16,r=8,p=1$/V8rpRTCmDOGcA5hjPFeCw$6N1e9QmxuwqbPJb4NjpGib5FxxILGoXmUX90lCXKXD4

This isn't a new thing, and as far as I'm aware, it's derived from the old Apache htpasswd format (although no one else uses the leading colon):

    $ htpasswd -bnBC 10 "" password
    :$2y$10$Bh67PQAd4rqAkbFraTKZ/egfHdN392tyQ3I1U6VnjZhLoQLD3YzRe
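
An added illustration, not part of the comment above or of any library: the prefix that makes these hashes self-describing can be read with standard-library Python and used to decide when a stored hash should be upgraded. The sample strings are the ones quoted in the comment; `POLICY`, `describe` and `needs_rehash` are hypothetical names, and the policy values are assumptions.

```python
import re

# Sample hashes copied from the comment above (all are hashes of 'password').
SAMPLES = {
    "argon2": "$argon2id$v=19$m=65536,t=3,p=4$LZ/H9PWV2UV3YTgF3Ixrig$aXEtfkmdCMXX46a0ZiE0XjKABfJSgCHA4HmtlJzautU",
    "bcrypt": "$2b$12$xqsibRw1wikgk9qhce0CGO9G7k7j2nfpxCmmasmUoGX4Rt0B5umuG",
    "scrypt": "$scrypt$ln=16,r=8,p=1$/V8rpRTCmDOGcA5hjPFeCw$6N1e9QmxuwqbPJb4NjpGib5FxxILGoXmUX90lCXKXD4",
    "htpasswd": ":$2y$10$Bh67PQAd4rqAkbFraTKZ/egfHdN392tyQ3I1U6VnjZhLoQLD3YzRe",
}

# Hypothetical site policy (assumed values): minimum cost parameters per scheme.
POLICY = {"argon2id": {"m": 65536, "t": 3}, "bcrypt": {"cost": 12}, "scrypt": {"ln": 16}}


def describe(stored):
    """Return (scheme, version, params) read from the self-describing prefix."""
    # htpasswd lines are "user:hash"; the hash formats shown here contain no ':'.
    hash_part = stored.rpartition(":")[2]
    if not hash_part.startswith("$"):
        return ("unversioned", None, {})  # bare hex digest: nothing to read
    fields = hash_part.split("$")[1:]
    ident = fields[0]
    if re.fullmatch(r"2[abxy]?", ident):  # bcrypt: $2b$<cost>$<salt+hash>
        return ("bcrypt", ident, {"cost": int(fields[1])})
    version = None
    if fields[1].startswith("v="):  # argon2 carries an explicit version field
        version = int(fields[1][2:])
        fields = fields[:1] + fields[2:]
    params = {k: int(v) for k, v in (kv.split("=") for kv in fields[1].split(","))}
    return (ident, version, params)


def needs_rehash(stored):
    """True when the stored hash is weaker than POLICY or carries no parameters."""
    scheme, _version, params = describe(stored)
    wanted = POLICY.get(scheme)
    if wanted is None:
        return True  # unknown or unversioned scheme: upgrade at next login
    return any(params.get(k, 0) < v for k, v in wanted.items())


if __name__ == "__main__":
    for name, stored in SAMPLES.items():
        print(name, describe(stored), "rehash:", needs_rehash(stored))
```

In production the hashing library's own check does this job, for example argon2-cffi's `PasswordHasher.check_needs_rehash`.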

It's not a leading colon: It is a colon separator between the username and password, and the command used has the username as an empty string.

First one that comes to mind is https://morethanmoore.substack.com/

Run by a Dr. Ian Cutress. Never heard about before, seems to describe themselves like this:

> Industry Analyst, More Than Moore. Youtube Influencer and Educator.

Seems they're one example of the sad trend of people going from being experts and instead diving into "influencing" instead, which comes with a massive list of drawbacks.


Ian wrote a lot of in-depth technical reviews and articles at Anandtech. He’s not a nobody.

https://archive.is/2022.02.18-161603/https://www.anandtech.c...


Damn, for someone asking specifically for experts with blogs, you sure have a harsh opinion of experts with blogs!

I would love to see joint tariffs, together with US allies, to fight against things like sweatshop labor, state-supported industry, etc. That would really send a signal that those things are unacceptable, and lead to change.

That's not what we have here, and that's not what the Trump tariffs are perceived as internationally.


ID is much easier to forge, it's just a flat 2-d shape. None of the physical security features come through in images.

In functioning states, the ID contains a chip with a private key that can be used to sign a message, and ID verification would not be an image of the ID card, but rather holding your phone's NFC reader to the card and signing a message from the site.

In Japan, there are already multiple apps which use something like this to verify user's age via the "my number card" + the smartphone's NFC reader.

It's more or less impossible to forge without stealing the government's private keys, or infiltrating the government and issuing a fraudulent card.

Of course, the US isn't a functioning state, the people don't trust it with their identity and security and would rather simply give all their information to private companies instead.


> In Japan, there are already multiple apps which use something like this to verify user's age via the "my number card" + the smartphone's NFC reader.

Does this also leak your identity to the app?


There is not a way to share just your date of birth. After providing your PIN it can read more than just your date of birth.

That's... partially true.

If you use the _digital_ MyNa card (e.g. the one in the Wallet.app; not the plastic one); the iOS SDK lets you only request the "is user more than XX years old" flag; without getting the actual identity: https://developer.apple.com/documentation/passkit/requesting...

Now, AFAICT nobody actually does this, but the technical ability is there.


When I had to prove my passport for my bank over a video call they told me to rotate it around in the sunlight to show that it had the holo-whatever ink. So I wouldn't put it past them.

A call requires a human, which is inherently not scalable. And even humans have trouble distinguishing AI content these days.

And it's not like Discord actually cares. They just care about appearing like they care. Something to keep the heat off of them from regulators and angry parents.

Discord built its own TSA?

A “video call” perhaps requires a human, but the type of test described need not be a video call. One can imagine a network trained to distinguish a fake id card from real one from a video recorded where the user is asked to move the card such that the holograph is glinting in the sunlight.

Their website is all AI generated and as far as I can tell, the only thing of substance on it is this cube: https://www.scraplabs3d.com/_next/image?url=%2FPXL_20260114_...


Their YouTube channel contains no video, no audio, and no images of the product. Red flag is red.

https://www.youtube.com/@ScrapLabs3D


I wouldn't know -- perhaps the HN Hug of Death™ is in play


> rs-sdk runs against an enhanced web-based client (botclient) which connects to the LostCity 2004scape server emulator.


> claims

That's all there is to it. Take a look at https://www.youtube.com/watch?v=5CJqAJ2LXw8&t=852.


Do you want it to run on your CPU, or someone else's GPU?

Is the local model's quality sufficient for your use case, or do you need something higher quality?


Anti-trans hate.


Trans hate.


GP definitely meant the same thing, i.e. 'hate [that is] anti-transsexualism' to your 'hate [against] transsexualism'.


FYI, transsexual is an outdated term, with transgender being generally preferred instead :)


I personally don't have any trouble with that. Using Sonnet 3.7 in Claude Code, I just ask it to spelunk the git history for a certain segment of the code if I think it will be meaningful for its task.


Out of curiosity, why 3.7 Sonnet? I see lots of people saying to always use the latest and greatest 4.5 Opus. Do you find that it’s good enough that the increased token cost of larger/more recent models isn’t worth it? Or is there more to it?


I misremembered :(

4.5 Sonnet, but because I've been stuck on 3.7 Sonnet for so long due to corporate policy I wrote the wrong thing.

And yeah corporate policy. Opus is not available. I prefer Codex for my personal coding but I have not needed to look in the Git history here yet.


Opus is pretty overkill sometimes. I use Sonnet by default. Haiku if I have a clearer picture of what I'm trying to solve. Opus only when I notice any of the models struggle. All 4.5 though. Not sure why 3.7. Curious about that too.


I suspect they use the LLM for help with text editing, rather than give it standalone tasks. For that purpose a model with 'thinking' would just get in the way.


speed > thinking longer for smaller tasks.

