"An area of oak-pine wood was selected East of Upton, and a tower was constructed that could raise and lower a canister from underground that contained radioactive source material, allowing for controlled dosage levels that emanated in a radius from the tower. The canister contained Cesium-137, which would emit ionizing gamma radiation without making the surrounding area radioactive itself."
Nobody is pretending fossil fuels are not producing value; if they did not, nobody would bother using them in the first place. The argument is about the fact that they produce relatively short term value for the person using them, at the externalized expense of polluting the atmosphere and causing long-term environmental instability and destruction for every subsequent generation for the foreseeable future. Coastal regions (and whole islands like the Maldives) disappearing under the ocean is immense and ongoing value loss for humanity. Ocean acidification destroying marine ecosystems is an immense and ongoing value loss for humanity. More frequent and more extreme hurricanes are an immense and ongoing value loss for humanity. And on and on...
I think a lot of people actually don't realize the value it gives humanity. Lots of people think we would have been better off in an alternate universe where we never discovered oil & gas.
How is this short term value for people using them? They are drivers of the most fundamental stuff in our day to day lives. Either enabling billions of people cheap efficient transport, efficient agriculture producing cheap food, cheap and efficient global shipping of goods, a great portable and adjustable source of electricity.
I think as of now it's a question on how much you are willing to sacrifice human welfare over preserving current nature/environment. Extreme weather has largely been solved for humans, the trend is still less death and starvation caused by extreme weather, we are immensely adaptable and resilient.
I'm not sure our current pace of reducing emissions is that horrible. There are reasons why it takes time. I might be too optimistic, but I think we will largely solve human issues. Nature, as you point out, I'm worried about, although I know less about it. And it's hard to quantify what the value is for us.
If oil and gas would not exist, then liquid fuel would be produced from coal. With the latest processes the cost of production is like 80 dollars per barrel, but with processes that Germans developed during WWII it was probably like twice of that in modern money.
In an alternative universe that would be cheaper due to massive scale, but the era of very cheap liquid fuel would never happen. So electrical cars on a big scale will happen much earlier. And given that coal is much more evenly distributed on Earth, one can speculate that there would be much less reasons for conflicts.
I don't think this makes sense, given how insanely much more polluting coal is. You have to burn massive amounts of coal to power the liquid refinery, 50% of the energy lost essentially in the conversion process. In addition to that liquid coal has double the emissions of regular oil. Air quality would have been a disaster.
EVs in scale would have maybe happened sooner, but they would have given us much less value, and I think in the end reaching current EV tech would most likely have taken longer than it did with oil and gas, just due to industrialization and technological innovation would progress much slower without oil and gas...
I think advanced green tech in general would have taken much longer time to develop also on an industrial scale when limited by coal only. Not to speak of human welfare would also have improved much slower.
What do you mean would have been? It was a disaster. Perhaps you are too young or insufficiently well travelled to have experienced the effects of burning coal in, say the UK in the 1950s and 1960s or in China even in the last few decades.
Without oil the push to solar and wind would also have been accelerated, probably.
What is it about oil and gas that you think made it accelerate semiconductor R&D?
Yeah, my point was that it would have been even worse without oil and gas.
Solar, wind and semiconductors all require a very advanced petrochemical supply chain. You simply couldn't produce any of this without products derived from oil and gas.
> You simply couldn't produce any of this without products derived from oil and gas.
That is simply untrue. Everything that is made from oil or gas can also be made from organic feedstock. I don't mean to say that it would be easy and it would certainly be slower to start with but it is certainly not impossible. Remember that the first plastics were made before the age of oil.
One currently used plastic that does not use oil or gas as a feedstock is cellophane [1], another is rayon [2].
In 1920 in Berlin there were more electrical taxis than gasoline ones. But cheap gasoline killed the electrical car industry.
Without that electrical cars would proceed to develop and batteries with high capacity would happen much sooner.
As for pollution it would not be that bad. Fuel would be expensive and cars with combustion engines would not happen on massive scale. There would be much more freight by trains and nuclear energy would be developed on much bigger scale.
You are talking as if oil and gas delayed the future, which I don't think makes sense at all.
I think we are underestimating all the derivatives we use from oil and gas here.
I think this is all very optimistic. I think not having oil and gas would have been a major setback to global progress. I don't think it would have made us more advanced within batteries or electrical cars than we are today. And especially not even close to overall general global progress we have reached today.
> I think a lot of people actually don't realize the value it gives humanity. Lots of people think we would have been better off in an alternate universe where we never discovered oil & gas. How is this short term value for people using them? They are drivers of the most fundamental stuff in our day to day lives. Either enabling billions of people cheap efficient transport, efficient agriculture producing cheap food, cheap and efficient global shipping of goods, a great portable and adjustable source of electricity.
People who oppose the fossil fuel industry do not suggest we return to the 17th century tomorrow. They suggest being less wasteful with the resources we have (nobody would die from eating lentils instead of beef, even though this would cause 98% reduced CO2 emissions) and investing in alternative solutions that achieve similar outcomes but cause less harm to the environment. Some things being more expensive or less convenient would not be a global humanitarian catastrophe, and since you strongly believe humans are immensely adaptable and resilient I think you would agree we could adapt to this as well if working together.
> I think as of now it's a question on how much you are willing to sacrifice human welfare over preserving current nature/environment.
No, it's about how much you are willing to sacrifice the quality of life of the current generation to preserve the quality of life of subsequent generations. The worry about causing instability in the environment is not an aesthetic concern about the purity of nature being lost, the worry is that such instability will cause real and tangible death and suffering for real humans and have long term negative consequences for future generations.
> Extreme weather has largely been solved for humans, the trend is still less death and starvation caused by extreme weather, we are immensely adaptable and resilient.
You will have to provide some better source than your gut feeling and a cheerful attitude for me to believe you on this over the countless people who have done actual analysis and vehemently disagree with you. Just a single example to get you started:
"This report’s projections of morbidity and mortality from climate-intensified natural disasters, cumulatively close to 15 million deaths, more than two billion healthy life years lost, and $12.5 trillion in economic losses by 2050 bring into focus the dimensions of the crisis. The risk from global warming threatens to destabilize both the healthcare ecosystems and the planet. [1]"
You claim to be against irrational decisions, but seem to base your "rational" view on very simplistic analysis about economic value always being good and the 17th century being bad, combined with a scoopful of wishful thinking.
Man, come on.. There are even at least two comments from people in this thread arguing this exact point. I'll promise you its frequency is even higher in the real world than on HN.
You must not be very much exposed to the environmental movement, or be much online, if you haven't seen this.
> Allocating money through the government has not been a particularly successful strategy for improving the overall standard of living.
What are you even basing this assumption on? Just quickly comparing the highest ranking countries by Human Development Index with the highest government budgets per capita and the highest income tax rates would, if anything, support the opposite conclusion.
This is potentially a long conversation; but why would you start with rankings like this, which only go back a relatively short time?
Broadly speaking, human welfare got a lot better in the last three hundred years, due to productivity improvements that were tied to things like property rights, joint stock companies, availability of credit, &c.
We haven't really found a good alternative to it. It may seem to you that countries like Austria, &c, are doing the right thing by taking very large amounts of GDP out of the hands of private enterprise and using it "for good" instead of "for growth"; but that is just eating the seed corn. It looks good in the short term.
The HDI ranking has been published for 36 years now. And for many of those countries I would feel confident claiming the trend goes back to at least WW2, although you would of course have to use other, contemporary metrics to support that to get a rigorous analysis.
If the initial step in your theory about human welfare is to selectively ignore the last 35 or 75 years of history in the highest welfare countries on earth, I think you should at least consider the possibility that your theory might be somewhat out of date.
Most of Europe post-war was very poor. I'm not sure the trend could go back as far as that.
How are you weighing the trend you highlight relative to overall long run success of private ordering, stock companies, readily available credit, strong private property protections, &c, &c, in raising people's standard of living?
There's only a limited amount of context and decisions that can be effectively communicated informally without looking at the code. Sometimes it is required that people look at the actual suggested implementation, and when doing so they might spot fundamental issues that had not been found beforehand. The conventional format for doing such a review is a PR.
Graphs can be abused and statistics can be misleading, and some things are hard to quantify and measure. But the author never makes any convincing case why the statistics would be wrong or misleading in this case: "I’m not here to argue with Scott’s statistics. I think they’re about as accurate as we could hope to make them. I’m here to argue that you don’t require them to make sense of the world".
His main argument is that many people feel crime is increasing, and that in itself is a good argument to disregard any falling numbers as obviously incorrect without any further justification being necessary.
The obvious problem is that people almost always say that crime is increasing, and they have consistently been shown to misjudge the actual trend for decades on end: "In 23 of 27 Gallup surveys conducted since 1993, at least 60% of U.S. adults have said there is more crime nationally than there was the year before, despite the downward trend in crime rates during most of that period." If we bought into the author's argument we would never be able to reach any other conclusion than that crime has always been increasing and will always continue to increase.
During the satanic panic of the 1980s the populace at large were convinced that large swaths of satanists were routinely sacrificing and abusing children. The police was convinced it was a real problem and had special "satanic experts" to combat the issue, a huge amount of parents were genuinely afraid for their children's safety, and there were thousands and thousands of cases of reported ritual abuse. In reality and in hindsight there was zero evidence of satanic cults abusing children. The author's argument could, completely unmodified, be used to argue that we should listen to the people's lived experience instead of the evidence and conclude that the satanic cults must actually have been a real societal danger back then. Or is he only against disregarding someone's lived experience in favor of evidence when it is his lived experience?
It doesn't even matter if he is right in this case. Maybe all the statistics are flawed and his feeling of rising crime rates is justified. The problem is that he offers no actionable heuristic that allows us to separate his intuition from other people's intuition that has been obviously wrong in hindsight, like the satanic panic.
The first one seems to indeed be a real RCE in vim.
Also including the emacs one as a "found vulnerability" seems really disingenuous. It basically amounts to "emacs will call git status, and git status will call git hooks that can execute arbitrary code".
1. As the Emacs maintainers point out, it is indeed an issue with git, not emacs, and they are completely right to not address the issue.
2. It is something that has been known for decades. That is the reason hooks are never copied when doing git clone, to prevent this scenario (notice that the author uses wget instead of git clone to get around this).
Funnily enough this post highlights both the strengths and the hazards of using AI: (1) quickly and easily finding real issues that would have taken a human a laborious audit to find, (2) quickly and unthinkingly generating plausible sounding but ultimately meaningless vulnerability reports on some clout chasing mission and overwhelming open source maintainers with AI slop.
> The first one seems to indeed be a real RCE in vim.
Barely, since there is little restriction as to what options modelines can set they should be largely considered equivalent to eval (if unintentionally). And generally they are which is why distros typically disable them by default.
IMHO in this day and age securemodelines should just be the default.
I don't know much about vim, but from the report it sounds like part of the issue was that disabling modelines would not prevent it:
> tabpanel is missing P_MLE
Unlike statusline and tabline, tabpanel is not marked with the P_MLE flag. This allows a modeline to inject %{...} expressions even when modelineexpr is disabled.
Edit: Upon re-reading the above I guess disabling modelineexpr is not the same as disabling modelines, and disabling modelines altogether might indeed prevent the issue.
But you would expect running "git status" or "git ls-files" in the unzipped directory to completely pwn your system? Probably not either.
If you don't trust git, you can remove it from your system or configure emacs not to use it. If you are worried about unsuspecting people with both git and emacs getting into trouble when downloading and interacting with untrusted malware from the internet, the correct solution is to add better safeguards in git before executing hooks. But you did not report this to the git project (where even minor research beyond Claude Code would reveal to you that this has already been discussed in the git community).
I suspect that what happened here was that (1) you asked Claude to find RCEs in Emacs (2) Claude, always eager to please, told you that it indeed has found an RCE in Emacs and conjured up a convincing report with included PoC (3) since Claude told you it had found an RCE "in Emacs", you thought "success!", didn't think critically about it and simply submitted Claude's report to the Emacs project.
Had you instead asked Claude to find RCEs in git itself and it told you about git hooks, you probably would not have turned around and submitted vulnerability reports to all tools and editors that ever call a git command.
> But you would expect running "git status" or "git ls-files" in the unzipped directory to completely pwn your system? Probably not either.
That’s fair, but it would be pretty unusual for me to run Git commands in a directory I’m not actively working on. On the other hand, I open files from random folders all the time without really thinking about it, so that scenario feels much more realistic.
It’s extremely common for shell prompts to integrate Git status for the working directory.
Who’s responsible for the vulnerability? Your text editor? The version control system with a useful feature that also happens to be a vulnerability if run on a malicious repository? The thing you extracted the repository with? The thing you downloaded the malicious repository with?
Windows + NTFS has a solution, sometimes called the “mark of the web”: add a Zone.Identifier alternate data stream to files. And that’s the way you could mostly fix the vulnerability: a world where curl sets that on the downloaded file, tar propagates it to all of the extracted files, and Git ignores (and warns about) config and hooks in marked files. But figuring out where the boundaries of propagation lie would be tricky and sometimes controversial, and would break some people’s workflows.
If you untar a file and get a git repository, you should absolutely expect malicious behavior. No one does that, you clone repos not tarball them, and cloning doesn't copy hooks for precisely this reason
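As an added example (not part of any comment above, and not code from git, Emacs or Vim): a small Python check that can be run over a directory unpacked from an archive before it is opened in an editor or a git-aware shell prompt. It lists executable non-sample hooks and a few `.git/config` keys that name a program; the key list, the function names and the sample tree are assumptions made for this example.

```python
import os
import re
import stat
# Assumed, non-exhaustive set of config keys that name a program or a hooks directory.
COMMAND_KEYS = {"core.fsmonitor", "core.hookspath", "core.sshcommand"}
BOOLEANS = {"", "true", "false", "yes", "no", "on", "off", "1", "0"}
SECTION_RE = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"[^"]*")?\s*\]$')
KEY_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*(?:=\s*(.*))?$')

def active_hooks(git_dir):
    """Executable files in .git/hooks that are not the shipped *.sample files."""
    hooks_dir, found = os.path.join(git_dir, "hooks"), []
    if os.path.isdir(hooks_dir):
        for name in sorted(os.listdir(hooks_dir)):
            path = os.path.join(hooks_dir, name)
            if name.endswith(".sample") or not os.path.isfile(path):
                continue
            if os.stat(path).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                found.append("hook: " + name)
    return found

def command_config(git_dir):
    """Keys in .git/config that point git at a program or a hooks directory."""
    cfg, found, section = os.path.join(git_dir, "config"), [], ""
    if not os.path.isfile(cfg):
        return found
    with open(cfg, encoding="utf-8", errors="replace") as fh:
        for line in (raw.strip() for raw in fh):
            if not line or line[0] in "#;":
                continue
            sec, kv = SECTION_RE.match(line), KEY_RE.match(line)
            if sec:
                section = sec.group(1).lower()
            elif kv:
                key = section + "." + kv.group(1).lower()
                value = (kv.group(2) or "").strip().strip('"')
                # fsmonitor = true/false selects the built-in daemon, not a program
                if key in COMMAND_KEYS and value.lower() not in BOOLEANS:
                    found.append("config: %s = %s" % (key, value))
    return found

def audit_tree(root):
    findings = {}  # maps each .git directory under root to its findings
    for dirpath, dirnames, _ in os.walk(root):
        if ".git" in dirnames:
            git_dir = os.path.join(dirpath, ".git")
            hits = active_hooks(git_dir) + command_config(git_dir)
            if hits:
                findings[os.path.relpath(git_dir, root)] = hits
            dirnames.remove(".git")  # do not descend into repository internals
    return findings

def build_sample(root):
    """Constructed sample: an unpacked repo with a live hook, and a clean one."""
    bad = os.path.join(root, "unpacked", ".git", "hooks")
    good = os.path.join(root, "cloned", ".git", "hooks")
    os.makedirs(bad); os.makedirs(good)
    for name in ("pre-commit", "pre-push.sample"):
        with open(os.path.join(bad, name), "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(os.path.join(bad, name), 0o755)
    for d, body in ((bad, '[core]\n\tfsmonitor = "./helper.sh"\n'), (good, "[core]\n\tfsmonitor = true\n")):
        with open(os.path.join(d, "..", "config"), "w") as fh:
            fh.write(body)
```

The check reads files only and never invokes git, so running it on an untrusted tree does not itself trigger hooks or configured helpers.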
Microslop is saying “I’m sorry that you’re offended” and will continue to abuse their users. All of this is a PR campaign to fix their image so that they can raise more money.
It's a really interesting case study, but the summary seems to lean into the AI hype to an extent that borders on lying.
> His fabrication shop uses it daily, and he built the entire thing in 8 weeks. During those 8 weeks he also had to learn everything about Claude Code, the terminal, VS Code, everything.
I don't see how he can give this summary with a straight face after posting the interview that CLEARLY contradicts it.
In the interview the engineer says "When Claude Code came out almost a year ago, I started dabbling with web based tools ..." and "When it first came out I had so many ideas and tried all these different things", so he had clearly already used it extensively for a year. I would also guess the engineer was somewhat technically minded from the get-go, since he claims he was "really good with excel" before starting with Claude Code, but that is beside the point.
The interviewer later asks "How much of those 8 weeks was learning Claude Code versus actually building the thing?", and the interviewee answers "Well, I started Claude Code when it first came out so the learning curve has really gone down for me now..." and then trails off to a different subject. Which further confirms that the summary in the post is false.
It really seems like the engineer has spent the year prior learning Claude Code and then spent 8 weeks on solely building this specific application.
The interviewer also claims "This would normally have taken a developer a year to build", which seems really unsubstantiated. It's of course hard to judge without all the details, but looking at the short demo in the video, 8 weeks of regular development time from a somewhat experienced developer doesn't seem too far fetched if the objective is "don't make it pretty, just make it work".
As I said, it's a really interesting case study about a paradigm shift in how software is developed, and it's clear this app would never have existed without Claude Code. So I don't really see the need for the blatant lying.
I've noticed even experienced engineers have started overestimating how long things would take to build without AI. Believe it or not we coded before AI and not everything took years all the time.
We’ve all worked on projects where it took months to get requirements from the business. Sometimes to see the project cancelled after months of sitting around waiting for them to decide on things.
Coding has never been the roadblock in software. Indeed don’t we experience this now with AI? Vibe code a basic idea then discover the things we didn’t consider. Try to vibe that and the code base quickly gets out of hand. Then we all discover “spec driven development” SDD and in turn discover thinking of specifying everything ourselves is an even bigger PITA?
The standard for obscurity is different for LLMs, something can be very widespread and public without the average person knowing about it. DICOM is used at practically every hospital in the world, there's whole websites dedicated to browsing the documentation, companies employ people solely for DICOM work, there's popular maintained libraries for several different languages, etc, so the LLM has an enormous amount of it in its training data.
The question relevant for LLMs would be "how many high quality results would I get if I googled something related to this", and for DICOM the answer is "many". As long as that is the case LLMs will not have trouble answering questions about it either.