Hacker News, Distilled

Personal impact and “data already leaked” sentiment

• Several commenters report receiving breach notifications; some note their data was already exposed in previous French government leaks.
• Many assume they are affected given the scale and history of French public-sector breaches.
• Some argue that name, address, and date of birth are already widely known or public in many countries, while others stress they are enough for scams or health-insurance fraud.

Government accountability and GDPR

• Debate on whether GDPR-style fines meaningfully apply to governments: fines would effectively be paid with taxpayer money.
• Suggested alternatives: firing or personally penalizing agency heads, demotions for infosec leaders, even harsh public punishments (the latter often tongue‑in‑cheek).
• Others argue penalties alone can’t prevent all breaches; structural questions about why and how much data is stored matter more.

Identity verification, biometrics, and digital ID systems

• Strong skepticism of biometrics: they can’t be rotated after compromise and can be faked with modest effort; considered a poor “password.”
• Others emphasize biometrics’ convenience and resistance to casual fraud, but concede privacy and leak risks.
• Multiple national systems discussed: France Connect and France Identité, Netherlands’ DigiD, Belgium’s itsme, India’s Aadhaar. These typically mix government-backed identity with MFA and/or NFC document scans.
• Concerns that the same governments pushing mandatory online ID and age verification repeatedly demonstrate poor security.

KYC, data minimization, and architectural alternatives

• Many criticize pervasive KYC and identity checks “for everything,” arguing they create massive honeypots that inevitably leak.
• Some praise France’s “single-use” digital ID proofs that limit disclosed data, recipient, purpose, and duration, while noting practical and device-compatibility issues.
• Calls for strict data minimization: don’t collect or store personal data unless absolutely required; consider local‑first architectures to avoid large central databases.
• View that we should design systems assuming breaches are inevitable, limiting blast radius and reliance on PII.

Security practices and trust

• Dispute over value of encrypting stored PII: if attackers own the server, they often get keys too.
• Proposals for a well-funded state “red team” agency doing continuous pentesting of other agencies and critical firms, versus checkbox audits.
• Some trust large tech firms (e.g., Google) more than governments on security; others see both as problematic.
• General fatigue with token remedies like “free credit monitoring” and a sense that constant leaks may reduce willingness to adopt new software or online services.

Scope of the discussion

• Thread centers on an NYPD officer accumulating hundreds of camera-based speeding and red‑light tickets, mostly in school zones, without losing driving privileges or job status.
• Debate branches into road safety, legal structure of camera enforcement, and police accountability.

---

Risk of speeding and road safety

• Many argue speeding is inherently dangerous, especially in dense or school areas; even moderate increases in speed sharply increase stopping distance and severity of injuries.
• A minority claim that if a driver hasn’t caused a crash after hundreds of violations, laws or limits may be too strict; others counter with statistics and note that “no known crash” is not proof of safety.
• Discussion highlights differences between driving alone on empty roads vs. near pedestrians and children.
• Some propose higher general speed limits plus tech like collision‑avoidance; others insist the proven levers are lower speeds, road redesign (narrowing, protected crossings), and turn restrictions.

---

Camera enforcement and legal loopholes

• Key issue: in New York, camera tickets are treated as low‑level violations tied to the vehicle/owner, not the licensed driver, and carry only small fines, no points.
• Result: a driver can rack up hundreds of tickets and legally keep driving, whereas three officer‑issued speeding tickets would suspend a license.
• There is disagreement on whether the owner should be compelled to identify the driver; some cite European practices, others point to U.S. self‑incrimination protections.
• Proposed fixes:
  • Registration‑based point systems and eventual revocation or seizure of “dangerous” vehicles.
  • Escalating fines scaled to income or vehicle value.
  • Reactivating or strengthening programs that mandate safety courses or allow impoundment after repeated violations.

---

Police standards, favoritism, and unions

• Many see this as emblematic of double standards: police both enforce and routinely violate traffic laws, often enjoying informal immunity (e.g., professional courtesy, special decals, weak discipline).
• Some argue cops, given their authority and privileges, should be held to higher off‑duty standards; others question extending job discipline to personal behavior.
• Police unions and qualified immunity are criticized as enabling lack of accountability; abolition or reform of public‑sector police unions is suggested.

---

Journalism, surveillance, and privacy

• Some feel the article verges on doxxing by visiting home and workplace; others say this is basic, appropriate reporting on a public servant.
• A few worry about “universal surveillance” via cameras; others see logging tickets as benign and necessary for safety.

Scope and impact of the compromise

• Attack targeted the @bitwarden/cli NPM package via a compromised GitHub Action in Bitwarden’s CI/CD, consistent with a broader Checkmarx‑related campaign.
• Malicious version appears limited to 2026.4.0 on NPM, live for a short window.
• Linked Bitwarden statement says:
  • Only users who installed the CLI from NPM during that narrow window and then ran it were at risk.
  • Other distributions (browser extensions, desktop/mobile apps, most web usage) are not affected.
  • If you ran the compromised CLI, you should assume all secrets on that machine and any writable executables could be compromised.
• Several commenters emphasize that vaults themselves were not exposed; the attack was on a tool that can access them.

NPM, GitHub Actions, and supply‑chain risk

• Many see this as another example of systemic issues with NPM and GitHub Actions:
  • Huge dependency trees, weak stdlib, and post‑install scripts enlarge the attack surface.
  • CI pipelines using third‑party Actions are a recurring compromise vector.
• Others argue the problem is ecosystem‑wide, not JS‑specific; any popular package manager is a target.

Bitwarden CLI design and trust

• Some are uneasy that a password‑manager CLI is written in TypeScript with many dependencies, interpreting that as “not security‑first.”
• Disagreement over whether a password manager “needs” a CLI:
  • Pro‑CLI: necessary for non‑graphical environments and automation; GUI is just another UI with same access.
  • Anti‑CLI: expands attack surface and offers a high‑value exfiltration target.

Password manager UX vs security trade‑offs

• Concern from browser‑extension users: what if extensions or GUIs are compromised next?
• Some avoid browser extensions entirely, using standalone apps and manual copy/paste or auto‑type; others argue extensions are a major anti‑phishing benefit because they only autofill on correct domains.
• Debate about synced/cloud password managers vs local‑only solutions and about splitting secrets (e.g., TOTP separate from passwords).

Alternatives and “local first” approaches

• Multiple mentions of KeePass/KeePassXC and pass/gopass, often synced via generic file sync (Syncthing, cloud drives, VPN, etc.).
• Some prefer self‑hosted Bitwarden (Vaultwarden) or alternative CLIs (e.g., Rust‑based) to avoid NPM.
• Others move to platform‑integrated managers (Apple Passwords, browser‑built‑ins) to reduce third‑party risk.

Mitigations proposed

• Set minimum release ages / “cooldowns” for package managers (npm, pnpm, bun, uv, Renovate/Dependabot) so new versions aren’t auto‑adopted for days.
  • This would have blocked the malicious Bitwarden CLI and similar fast‑removed packages (axios, ua‑parser‑js).
  • Critics note cooldowns delay urgent security fixes; proponents say overrides and whitelisting can handle true emergencies.
• Use pinned dependencies, lockfiles, and distrust wide semver ranges in critical software.
• Prefer package ecosystems and tooling that:
  • Build from source, avoid post‑install scripts, and sandbox builds.
  • Support central or internal scanning, quarantining, and staged rollout of new releases.
• Some advocate compartmentalizing: separate user accounts or machines for dev vs sensitive activities.

Broader concerns and open questions

• Worry that supply‑chain attacks are becoming constant and will continue or worsen.
• Irony noted that Checkmarx and other security tools/companies themselves are part of the attack chain.
• Ongoing tension highlighted between:
  • Updating quickly for vulnerabilities vs. risking poisoned updates.
  • Rich ecosystems and fast iteration vs. minimal, auditable dependencies.

Policy & legal process

• Change currently applies only to FDA-covered or state-licensed medical cannabis products; broader rescheduling is subject to a future hearing.
• Debate over presidential power: some claim reclassification is “just a pen stroke”; others argue it required multi‑year scientific and regulatory review and DEA cooperation.
• Disagreement on credit: some say the prior administration merely finished a process initiated earlier; others say it canceled earlier work and restarted it.
• Concern about ruling by executive order vs. going through Congress and agencies; some see executive shortcuts as undemocratic even if they like the outcome.
• Question raised whether DEA, not DOJ, must formally reclassify, and how this interacts with existing schedules.

Party politics & criminal justice

• Many see prior inaction (by multiple presidents) as political calculation: fear of alienating unions, law enforcement, or specific voter blocs.
• Some note major declines in federal marijuana prosecutions and mass pardons for simple possession, but emphasize most enforcement is at the state level.
• Private prison and police incentives are cited as reasons for long‑standing opposition to reform.
• Disagreement whether “legalize it” is an electoral winner: some see it as low‑risk, high‑reward; others think it matters only at the margins or has lost salience as more states legalize.

Health impacts & mental health

• Strong call for a “grown‑up” discussion: cannabis can help some but clearly harms others, especially heavy users and people with depression or neurodivergence.
• Multiple commenters report cannabis worsening or prolonging anxiety, depression, or psychosis‑like symptoms; others describe substantial relief of pain, mood, and autistic traits with specific strains.
• Consensus that cannabis is not a universal treatment for mental health; evidence cited that benefits are limited for conditions like depression and anxiety, and that cannabis use disorder is real.
• Concerns over very high‑THC products, rapidly rising tolerance, and adolescent brain development.
• Frequent comparison to alcohol and nicotine: many argue current policy is inconsistent given alcohol’s known high harm, but agree none of these drugs are “safe.”

Addiction, regulation & freedoms

• Broader discussion about “vulnerable minorities” who cannot use drugs, gambling, or loot‑box mechanics responsibly; tension between personal freedom and corporate exploitation.
• Some argue prohibition has clearly failed (esp. in hard drugs), favoring regulation and social support instead; others note that completely unregulated access (e.g., opiates, gambling apps) has also been disastrous.
• Debate over 12‑step programs: some dismiss them as religious; others defend them as flexible, effective, and not inherently sectarian.
• Philosophical split: one side insists adults should be free to consume any plant they grow; others point to poppies, invasive species, or asbestos as counterexamples where regulation is justified.

Everyday impacts & social norms

• Several support legalization but dislike pervasive cannabis odor, especially in dense cities or shared housing; some advocate bans on all public smoking/vaping.
• Others emphasize respect for non‑users: fine to use privately, but not to impose smoke or smell on others.
• Banking access and taxation are seen as next practical steps, with ideas to channel tax revenue into treatment and mental health services, though past examples (e.g., state marijuana or lottery revenues) are viewed skeptically.

Insider abuse and telco security controls

• Several anecdotes describe telco employees abusing internal access to track ex-partners, sometimes without leaving obvious logs (e.g., packet captures, access to raw telemetry).
• Others, including people claiming telco experience, strongly dispute how easy this is: they say access to enriched location data is tightly restricted, CRM data is segregated, and lawful intercept systems are on separate, hidden paths.
• There is disagreement on how many employees at large operators can see both location and customer data; some say “almost none,” others say “dozens” at big carriers.

Law enforcement and accountability

• Multiple commenters describe police largely ignoring stalking and tech-enabled harassment, even when evidence is provided, across the US, Australia, UK, and Europe.
• Others insist that in their jurisdictions such allegations would be investigated and could lead to charges, but this is met with skepticism and counterexamples.
• Telco governance and privacy offices are portrayed by some as serious and responsive, by others as theater, with audits allegedly being fudged.

Technical vectors: SS7, 4G/5G, lawful intercept

• SS7 is repeatedly cited as a long-known, unfixed weak point enabling silent location tracking and protocol downgrade attacks, even for 5G users.
• Some note that “ghost” or shell operators can abuse interconnect signaling outside normal legal processes.
• Lawful intercept and emergency services paths are described as intentionally opaque, sometimes even from normal telco monitoring tools.

Global data markets and state abuse

• Russia is mentioned as an example where telco and travel data reportedly leak onto black markets and have been used by journalists and opposition figures; some initially claim these DBs are fake, others counter with documented uses.
• Comments suggest similar surveillance and leakage in the UK, Israel, and Australia, and that “everyone does it, some just got caught.”

Israel, Gaza, and geopolitics

• The Israeli surveillance/export industry is linked in discussion to broader military and intelligence practices.
• Gaza and neighboring regions are described by several as a “testing ground” or “laboratory” for advanced tracking and targeting technologies, with concern they will be deployed more broadly.

Privacy attitudes and coping strategies

• Many argue most people no longer care about being tracked, citing mass use of big tech apps with location access.
• Suggested mitigations range from disabling background location, to keeping SIMs in dumb phones at home, to using data-only SIMs and encrypted apps, to leaving phones behind entirely.
• Others consider privacy effectively dead and foresee pervasive surveillance enabling “tailor-made hells” and black markets for “private comms” tech.

Framing of “winning AI”

• Many reject the whole “win” framing as sports-like and misleading.
• Some define “winning AI” as actually suppressing or tightly constraining it, not dominating it.
• Others say US “winning” really means a few private companies and billionaires, not the country or its citizens.

US vs China vs Others

• Some prefer the US over China by default; others now see China as more stable, long‑term oriented, or at least more predictable.
• Critics argue the US lacks rule of law, is driven by short‑term profit and violent foreign policy, and behaves as an unstable hegemon.
• China is described both as a technocratic, anti‑elite system and as a one‑party authoritarian state with severe downsides, including cultural homogenization and ethnic dominance.
• A number of commenters prefer Europe or “no hegemon” at all, rather than choosing between US and China.

Elites, oligarchs, and hegemony

• Strong focus on “who benefits”: expectation that AI gains will accrue to oligarchs, not the public.
• AI race is framed as feuding “castles” (corporations) vying for chokepoints, not national projects.
• Deep distrust of US tech elites, “techno‑oligarchs,” and “tech bros,” including those who talk about neofeudalism, Mars, or effective altruism / e‑acc.

Open source, diffusion, and access

• Many want no single winner; they want widely diffused capabilities and open‑weights models.
• Hope that open‑source AI plus robotics could let individuals remain economically independent, versus techno‑feudalism.
• Skepticism that open source can “win the market,” given massive resource needs and corporate control, though Chinese open models are cited as counterexamples.

Societal futures and risk

• Dystopian visions: ad‑saturated lives, work enforcement by robots, pervasive surveillance, heavy regulation keeping AI out of ordinary hands.
• Protest and resistance seen as hampered by polarization, cynicism, and potential future repression.
• Debate over existential risk: some see AGI as an extinction race; others argue AI may hit limits or could enable cooperative, positive‑sum outcomes.

Unsubscribe Links, Trackers, and Email Scanners

• Several commenters say email read-tracking and “one-click unsubscribe” are badly degraded by security scanners that prefetch links and images.
• Others argue the real problem is spam and unethical mailing practices, not scanners.
• Strong sentiment that unsubscribe must be easy and not gated by CAPTCHAs; if it is, many will mark as spam instead.
• Some note standard headers like List-Unsubscribe (and related POST variants) are more robust and supported by infrastructure (e.g., required for bulk deliverability), though client UX support is mixed.
• Disagreement over whether scanners actually submit unsubscribe forms vs. just following links; some suspect poor implementation (GET with side effects) and business incentives behind using CAPTCHAs.

Read Receipts, Tracking, and Privacy

• Commenters distinguish between protocol-level read receipts and tracking pixels.
• Many disable remote content to avoid tracking, but others point out scanners can defeat this by preloading images/links anyway.
• Some are explicitly glad stronger read receipts “died,” seeing them as privacy-invasive and marketer-friendly.

X.400 vs SMTP: Complexity, Features, and Failure

• Broad agreement that SMTP “won” because it was simple, open, and easy to implement and debug.
• X.400 required explicit routing configuration and complex addressing; SMTP leverages DNS and simple domain-based routing.
• Many describe X.400 and related ITU/OSI stacks as overengineered, expensive, poorly documented, and often only partially implemented.
• Features like recall, guaranteed deletion, or protocol-level multicast are criticized as either impossible to truly guarantee or better handled at endpoints (mailing lists).
• Several share painful operational stories of X.400, Novell connectors, “bang path” routing, and legacy EDI/X.400 systems still limping along.

Standards Culture: ITU/OSI vs IETF/Internet

• Repeated theme: complex, committee-driven telco standards (X.400, X.25, ATM, OSI) lost to simpler, “worse is better” Internet protocols.
• IETF’s open RFCs and accessible implementations contrasted with costly, obscure ITU specs.
• Some note X.509 and pieces of X.500/LDAP persist, but often in ways that ignore the original grand architecture.

Email Properties and Alternate Histories

• Several value email’s immutability and distrust features like recalls or auto-destruct.
• Discussion of hypothetical paid “e-stamp” email to fight spam: some see it as reducing spam; others say micropayments would stifle organic communication and users would flee to free channels.

AI, Original Content, and Incentives

• Several comments worry AI will “poison its own well”: models depend on human-created content, but free content is being paywalled or degraded as ad revenue and traffic drop (Wikipedia, review sites, etc.).
• Some suggest LLMs could underpin a long-dreamed micropayment system where usage-based fees are shared with content creators; others counter this risks incentivizing spam and is functionally similar to taxation funding public goods.

Micropayments, Spotify, and Creator Pay

• A recurring analogy is “pay out like Spotify,” but many argue streaming models mainly favor major players and encourage fraud/bot activity.
• Some note Spotify’s overall payout percentage is not terrible, yet per-creator income is low because subscriptions are cheap and revenue pools are unevenly distributed.
• Alternatives like Bandcamp and copyright-alternative schemes are mentioned as more creator-friendly reference points.

AI, Capitalism, and Inequality

• Multiple comments argue AI under current economic structures will deepen inequality: verified information stays behind paywalls while the masses get low-quality “slop.”
• Others stress the core problem is wealth concentration and incentives under capitalism, not the technology itself, and call for non-wealth-based incentives for progress.

Ars AI Policy, Accountability, and Ethics

• Many see the policy as a response to Ars’ previous incident with fabricated AI quotes and a fired reporter.
• Critics call the policy self-contradictory: it permits AI for research/summarization but says reporters bear full responsibility; they argue verification thorough enough to catch all hallucinations negates any efficiency.
• Supporters say this is no different from using Wikipedia, search engines, or human sources: tools can assist, but journalists must verify and not treat AI as authoritative.

Practical Use of LLMs in Journalism

• Advocates propose LLMs as “metal detectors” over large document dumps (e.g., leaks, datasets) that surface leads to be manually checked, not as oracles.
• Skeptics argue LLM output is optimized for plausibility, not truth, making it unsuitable where accuracy is paramount.

Visuals, “Slop,” and Reader Backlash

• The policy’s allowance for AI-assisted visuals but human-led “creative direction” is seen by some as vague and more about vibes than enforceable limits.
• Some commenters now treat Ars as an “AI slop factory,” plan to avoid it, or even use scripts to blacklist the domain, while others are more pragmatic and will continue using whatever source (AI or human) yields the most useful news.

What exe.dev offers

• Pooled-compute model: you buy a fixed bundle (e.g., 2 vCPU, 8 GB RAM, 25 GB disk, 100 GB transfer) and can split it into many small VMs that share those limits.
• Strong SSH-first UX: ssh exe.dev to sign up and manage; built-in HTTPS proxy gives each VM a URL; geared toward root-on-a-Linux-box workflows and agent-style workloads.
• Scope is intentionally narrow: more “developer cloud / agent farm” than full-featured cloud (no managed DBs, limited networking features, unclear data-center details).

---

Pricing and cloud economics

• Many see $20/mo for pooled resources as attractive compared to hyperscalers’ fragmented, surprise-heavy bills.
• Others note transfer at $0.07/GB is still high vs raw bandwidth; some call this inconsistent with the blog’s criticism of egress pricing. The team says this is a legacy number they plan to lower.
• Debate over whether this is cost-competitive with cheap VPS or bare metal; some say it must add higher-level value (tooling, UX) to justify price.

---

Storage, IOPS, and bandwidth

• Long subthread measuring IOPS/latency across Hetzner, DigitalOcean, netcup, and Hetzner dedicated; consensus: local NVMe is massively faster and cheaper than network block storage.
• Others defend SAN-style block storage with redundancy and point-in-time snapshots as inherently expensive and often a poor abstraction for higher-level systems.
• Bandwidth pricing across clouds widely criticized as disconnected from actual costs and designed to lock in customers.

---

Comparisons to VPS / bare metal providers

• Hetzner, OVH, netcup, and others are repeatedly cited as dramatically cheaper and faster for many workloads; some wonder what exe.dev offers beyond “a nicer wrapper around hcloud/CLI.”
• Counterpoint: many companies pay more for cloud to avoid owning hardware and staffing ops; with LLMs, some think running DIY infra is getting easier again.

---

Kubernetes, DevOps, and complexity

• Huge split: some say most small/medium apps should just run on one or a few VMs (Kamal, Docker Compose, simple Ansible/Terraform), and K8s is overkill that bloats cost and incident count.
• Others argue K8s is a powerful, standardized “OS for services” that solves real problems at scale (immutable deploys, rolling updates, multi-env parity, service discovery).
• Many complaints aim at social dynamics: resume-driven decisions, vendor marketing, management fear, operator sprawl (operators, meshes, GitOps, etc.) rather than K8s’ core design.
• Several note that teams often “rebuild a worse Kubernetes” with ad‑hoc scripts and tools; others prefer lighter alternatives (Nomad, Swarm, k3s, systemd + containers, Uncloud, Dokploy).

---

AI agents and “vibe coding”

• exe.dev is positioned as friendly for LLM-based agents and ephemeral dev boxes.
• Some are excited by the ability to spin up lots of cheap, isolated environments for agents, previews, and personal tools.
• Others worry about an explosion of mediocre, insecure “vibe-coded” backends by non-experts; argue platforms should constrain what such users can do server-side.

---

Security, sovereignty, and compliance

• exe.dev’s control plane and some early VMs still run on AWS; most customer VMs now on other bare metal or self-racked hosts. They plan to move fully once compliance is sorted.
• European commenters stress need for truly EU-sovereign clouds (EU companies, not just EU regions) due to the CLOUD Act; US-based providers in EU data centers don’t fully solve this.

---

Startup and meta reactions

• Mixed response to the blog’s tone: some find the ambition and transparency inspiring; others read it as self-important.
• Many praise the minimal, playful landing page and SSH-based onboarding experience.
• Skeptics question differentiation vs existing VPS/bare-metal offerings and worry the service will inevitably drift toward the same pricing and complexity patterns as major clouds.

Value of bit-for-bit reproducible images

• Reproducible images are seen as a “boring but real” win: even tiny deltas (e.g., a few bytes of timestamp difference between “identical” images) can cost hours of debugging.
• They give confidence for auditing, security, certification, and safety‑critical uses.
• Some argue reproducibility is especially important for base distro images, even if not all application images need it.

Reproducible builds ecosystem

• Arch’s work is framed as part of a broader, long‑running reproducible builds effort (Debian project, cross‑distro community, bootstrappable builds).
• Reproducible‑build dashboards for Arch are mentioned as a way to track coverage.

Dockerfile practices and alternatives

• Many call apt-get update in Dockerfiles an anti‑pattern; all dependencies should be pinned for reproducibility and auditing.
• Counterpoint: reproducible images are not always necessary; sometimes convenience and speed matter more.
• Alternatives discussed:
  • Distro snapshot mirrors by date.
  • Copying binaries from other prebuilt images.
  • Using package managers outside the container root (Buildah, yum/apt with --installroot, chroot).
  • Multi‑stage builds that keep the package manager only in build stages.
  • Managed services and tooling for dependency caching and image rebuilding.

Security vs reproducibility trade-offs

• Tension: pinning to old snapshots keeps builds reproducible but leaves known vulnerabilities; live apt update improves security but breaks reproducibility.
• Some argue containers older than weeks are effectively “expired” anyway.
• Others emphasize automated, reproducible update workflows (e.g., CI pipelines, dependency bots, image vendors) as a way to get both security and auditability.
• Debate over whether automatic updates introduce supply‑chain risk vs. the clear benefits of timely security fixes.

Nix, Guix, and alternative systems

• Multiple posters claim Nix “solves this” with content‑addressed, pinned builds and binary caches; Bazel and other systems are cited as similar.
• Critiques of Nix: package freshness issues, some packages using binary downloads, complexity, and recent security concerns.
• Guix and more exotic tools (e.g., Stagex) are mentioned as alternatives.
• Some argue “mutable” distros with good install scripts can outperform fully declarative systems for usability, while others strongly prefer NixOS‑style reproducibility.

Arch, workflows, and misc. tangents

• Arch users describe workflows using Arch base images and VMs to test dotfiles and full desktop setups; Infrastructure‑as‑Code concepts are applied even outside Nix.
• NixOS is praised for low‑stress, reproducible system management, although portability and multi‑OS support remain concerns.
• There’s brief discussion of web metrics (CLS not capturing deliberate animations) and a nitpick that “OCI image” is more accurate than “Docker image.”
• Several comments express admiration for the scale of work behind making Arch’s image reproducible.

Nature of the Bug and Fix

• iOS cached notification payloads (including message text) in local databases/logs for up to about a month.
• Even after Signal messages were deleted or the app uninstalled, message contents could be recovered from this cache with forensic tools.
• Apple’s update changes this so notifications “marked for deletion” are actually removed or better redacted; classified as a logging issue.
• Some commenters note it’s unclear whether all dismissed notifications are now fully purged, or only some paths.

Push Notifications, Caching, and Privacy

• Many participants stress that OS-level notification systems sit outside app-level E2E encryption and can log plaintext once rendered.
• There is confusion and disagreement over how APNs/FCM work:
  • Some claim notification content typically passes through Apple/Google in plaintext.
  • Others emphasize that privacy-focused apps can send empty or encrypted payloads and generate local notifications on-device.
• Several highlight that even timing and existence of notifications constitute sensitive metadata.

Signal and Other Messengers

• Signal’s push payloads are described as empty “wake” signals; the app fetches encrypted messages and generates local notifications itself.
• However, if Signal is configured to show full message previews, those previews were still cached by iOS and became recoverable.
• Users note that disabling previews inside Signal (not just iOS settings) is important, and that this distinction is non-obvious.
• Comparisons are made to WhatsApp, Telegram, Matrix, Snapchat; many consider some of these unsuitable for strong guarantees.

Platform and OS Trust Concerns

• Recurrent theme: E2E crypto is limited by what the OS does with decrypted text (notifications, logs, knowledge databases, sync).
• Some see this as an inherent, hard-to-solve category of risk so long as the OS is closed-source and heavily logs behavior.
• Others argue iOS remains one of the more secure platforms, but acknowledge users ultimately must trust Apple’s claims.

iOS Versions, Auto-Updates, and UX

• Apple backported the fix to iOS 18, but some report that updating re-enabled automatic updates and pushed toward iOS 26.
• Experiences differ on whether auto-updates get silently toggled back on; some call this manipulative.
• iOS 26 is described by some as buggy and to be avoided for now.

Forensics, Cellebrite, and “Bug vs Backdoor”

• The extraction described used standard forensic tools (e.g., Cellebrite, Magnet) on an unlocked or accessible phone, not server-side access.
• Some wonder whether such bugs are accidental or deliberate “bugdoors”; others invoke the “stupidity over malice” explanation.
• There is debate over Apple’s relationship with forensic vendors and whether Apple might acquire or analyze their tools.

US Energy Policy, Politics, and Representation

• Many see US corn‑ethanol policy as a product of farm lobbying and structural politics (Senate overrepresentation for low‑population states, Iowa’s primary role).
• Some argue the Constitution’s design (Senate, small House) entrenches rural influence; proposals include massively expanding the House to dilute small‑state power.
• Others counter that the federal government is doing too much beyond its intended scope, so Senate imbalances matter more than they should.

Corn Ethanol: Subsidies, “Food Security,” and Inefficiency

• Corn ethanol is widely called a “scam” or handout: ~40% of US corn goes to ethanol despite poor energy return and a 31:1 land‑efficiency gap vs solar.
• Defenders frame it as food‑security policy: overbuilt corn capacity that could be redirected to food in crisis.
• Critics respond that the Renewable Fuel Standard mandates overproduction, harms global farmers by depressing prices, degrades soil, and is a bad way to preserve capacity.

Solar Land Use and Transmission

• Analysis in the thread: converting just ethanol corn land to solar could (on paper) meet or exceed US electricity needs, especially when accounting for higher efficiency of electrified end uses (EVs, heat pumps).
• Disagreement over how easily electricity can be moved long distances: some emphasize grid capacity constraints; others note existing interconnections and modest transmission losses.
• Several note that solar can coexist with vegetation and grazing, and may actually improve soil relative to industrial monoculture corn.

Alternatives: Geothermal, Synthetic Fuels, Engineered Plants

• Geothermal is praised as a high‑potential, low‑input, long‑lived resource; concerns center on long‑term reservoir heat depletion and turbine lifetimes.
• Discussion of solar‑driven synthetic fuels (e.g., Sabatier, direct air‑to‑fuel) and solar‑powered protein production via microbes; framed as longer‑term, higher‑complexity options compared to simply replacing ethanol with solar.
• Genetic engineering to improve photosynthetic efficiency is mentioned as promising but unproven at scale.

Food, Vertical Farming, and Ecology

• Ideas about using solar + LEDs to optimize plant spectra and 3D farming face skepticism; vertical farming is described as commercially failing and biomass‑limited.
• Several argue reducing cropland (especially corn for fuel) would allow rewilding and richer biodiversity; others warn large ground‑mounted solar arrays also disturb soils and habitats.

Overall interpretation of the NAEP trends

• Scores for 13‑year‑olds peaked around 2012 and have fallen back toward 1980s levels, especially in math.
• Some see this as regression after an unusually high peak; others stress that losing decades of gains is alarming, not “normal regression.”
• Long‑term trend data are sparse between 2012–2020 due to canceled tests; the more frequent “main NAEP” shows a plateau then a sharp COVID‑era drop and partial rebound.

COVID vs pre‑existing trends

• Many attribute the 2019–2023 drop primarily to COVID shutdowns, remote learning, and post‑pandemic absenteeism.
• Others note smaller, earlier declines (or stagnation) pre‑COVID and argue COVID accelerated but didn’t start the problem.
• A few mention research on possible direct cognitive effects of COVID infection; others counter that the decline predates the pandemic.

Technology, attention, and youth culture

• Very prominent theme: smartphones, social media, infinite‑scroll, and short‑form video erode attention spans and displace focused study.
• Some broaden this to “iPad babies” and always‑online entertainment, which also distracts parents from engaged parenting.
• A minority points out NAEP levels are still above pre‑1990 in math and that tech also enables excellent learning resources; they blame how tech is used, not its existence.

Funding, administration, and system design

• One camp cites flat or eroded real budgets in some states, school closures, and uncertainty for teachers.
• Others present data that per‑student spending has risen substantially over decades, arguing that money is misallocated (admin bloat, compliance, weak accountability, corruption) rather than insufficient.
• Debate over vouchers/charters: some see them as an attack on public education and special‑ed funding; others say they provide needed options and that the real problem is dysfunctional districts.

Curriculum, standards, and pedagogy

• Critiques of No Child Left Behind, Common Core, endless testing, and “data‑driven” fads that turn teachers into facilitators following low‑quality scripted materials.
• Some highlight weaker rigor, little homework, and elimination of advanced tracks; others think “busywork” homework is pointless but agree that sustained practice matters.
• Reading instruction is faulted for moving away from phonics; Mississippi’s “science of reading” reforms and retention policies are cited as a positive counterexample.

Demographics, inequality, and culture

• Some posters attribute declines to demographic change or lower‑IQ immigrant populations; others call this racist and note similar drops across ethnic groups and performance percentiles, implying a system‑wide issue.
• Strong emphasis on home life: family stability, poverty, homelessness, and parental expectations are seen as decisive. Schools struggle when many parents are disengaged or overwhelmed.

Proposed or implied responses

• Tighter limits on screens/phones for children and in classrooms.
• Refocusing on evidence‑based instruction (especially phonics and direct instruction) and higher expectations, including grade retention when standards aren’t met.
• Cutting administrative overhead, strengthening classroom authority, and possibly expanding choice where local schools are failing.
• More vocational/occupational training in high school so education feels relevant to students facing economic stress.

Overall reaction to the concept

• Many find the “infinite visual browser” / live-generated illustrated pages a fresh, imaginative interface.
• Several compare it to Encarta, Dorling Kindersley books, or the “Young Lady’s Illustrated Primer” / Diamond Age vibe.
• Some see it as an early glimpse of “model as computer” or generative UI where the app is created on demand.

Performance, cost, and practicality

• Repeated complaints that it’s extremely slow, especially under the “HN hug of death.”
• Error logs show Gemini API quota/rate-limit issues; the creator says costs are out of pocket and unexpected at this scale.
• Many doubt practicality until inference gets 10x+ faster and cheaper; some expect huge inference bills to kill such demos.

Accuracy and hallucinations

• Strong split here:
  • Some users get surprisingly good diagrams (e.g., torque specs, car suspension, hydroponics, cat coat genetics).
  • Many others report severe inaccuracies in domains they know well: car engine bays, PC components, nuclear reactors, game maps, PWR diagrams, shed plans, poker charts, counting, crypto basics, even uploaded Mac Pro internals.
• A recurring theme: visuals often “look right” but are wrong in crucial details, with mislabeled parts and nonsensical layouts.
• Several argue this makes it dangerous for learning or any task where correctness matters; others insist it’s “just a demo” and future models will improve.

Use cases and potential

• Seen as especially compelling for:
  • Kids and casual exploration (“What’s that?” phase, mind-map-style browsing).
  • Sci-fi, fantasy, and surreal prompts where accuracy doesn’t matter.
  • Future educational tools if paired with vetted sources and better models.
• Some users want source panels, open-sourcing, or domain-specific training (e.g., manufacturer manuals).

Ethical and societal concerns

• Criticism that it monetizes uncredited human cultural/illustrative work via corporate models.
• Worry that such tools normalize low-accuracy “Potemkin knowledge,” lowering expectations and potentially polluting understanding at scale.
• Others counter that early flaws shouldn’t obscure the trajectory; they liken this to early cars or early GANs and predict rapid improvement.

Implementation and framing critiques

• Some argue the “live streamed website” framing is overhyped; technically it’s sequential image generation plus click-based prompting.
• Nonetheless, many praise the UX and interaction design even if the underlying technique is simple.

Over‑editing vs Minimal Changes

• Many report LLM coding agents fixing a small bug by rewriting large chunks of code or multiple files, increasing cognitive complexity and “code churn.”
• Users distinguish useful refactoring from arbitrary rewrites; most say agents frequently do the latter, including unnecessary comments and try/catch blocks.
• Some compare this to junior dev behavior: large, “clean-up” PRs for tiny feature changes, violating the norm of low‑impact changes and small diffs.

Refactor‑as‑You‑Go Debate

• One camp defends the “Boy Scout rule”: modest refactors while you’re in an area, especially when not refactoring would force hacks.
• Another camp stresses Chesterton’s Fence: don’t touch code outside the current task unless you deeply understand it, and keep refactors separate from feature commits/PRs.
• Several suggest compromise: refactor, but in follow‑up PRs, or cap refactor scope (e.g., ~10% of a change).

Autonomous vs Steerable Agents

• Strong concern about fully autonomous agents: they touch many files, run scripts/tests/deployments, and can wipe databases or mishandle credentials.
• Some find “babysitting” every command exhausting; others accept slower, supervised workflows as the only safe and comprehensible option.
• Many argue for semi‑autonomous, steerable agents with granular tools, strong constraints, and explicit human design/architecture decisions.

Learning, Understanding, and Cognitive Load

• Several worry that offloading too much work atrophies skills and leaves them not understanding their own systems.
• Others report productivity doubling while still reviewing every line and treating the agent as a junior pair‑programmer or code reviewer.
• Some find agent‑driven workflows too tedious or anxiety‑inducing and prefer manual coding except for small tasks.

Safety, Sandboxing, and Secrets

• Recommended mitigations: no prod creds, strict environment separation (VMs, containers, separate pods), no unrestricted shells, tool‑wrapped commands, and read‑only or short‑lived tokens.
• Some note agents can behave securely one day and carelessly the next, reinforcing the need for structural protections, not just instructions.

Prompting, Harnesses, and Alignment

• Explicit prompts like “minimal change,” “no refactors,” or “don’t modify unrelated code” help but don’t fully solve over‑editing.
• Users report better behavior with:
  • Lower “thinking”/complexity modes.
  • Project‑specific guidelines (AGENTS.md, skills).
  • Quality gates, diff regression checks, and multi‑agent review.
• One comment highlights research: RL‑based fine‑tuning seems to generalize better than SFT for enforcing minimal editing style.

Overall Sentiment

• Many commenters like Zed’s speed, multibuffer editing, and general feel; some call it the best editor they’ve used recently.
• Others feel its relevance is slipping as they move to terminal-based workflows (e.g., NeoVim + separate agents) or to dedicated AI IDEs.
• Parallel agents are seen by some as a genuine step forward; others find them cognitively overwhelming or unnecessary.

Parallel Agents & Worktrees

• Strong interest in workflows where each agent gets its own git worktree, sometimes with lifecycle hooks (setup/teardown, DB clones, env copy).
• Some already use similar setups with tools like Conductor, devcontainers, JJ workspaces, or custom scripts; Zed’s built-in support is welcomed if it can match this.
• Concerns that filesystem isolation is the easy part; the harder issue is semantic/architectural divergence across agents working in parallel.

Layout & UX

• New default layout (agent thread panel prominent, project panel moved) is polarizing.
  • Fans say it fits multi-threaded/agent workflows and is configurable.
  • Critics say it crowds out code and file tree, especially on non–4K displays, and could turn off new users.
• Some find the agent UI confusing: small/vague icons, inconsistent “X” behavior, difficulty discovering panel moves.

AI Focus vs Editor-First

• Thread repeatedly debates whether Zed is pivoting from “minimal fast editor” to “agent manager” under VC pressure.
• Some appreciate that AI can be disabled and the editor remains strong. Others worry most development effort is now AI-centric and fear eventual neglect of core editing (e.g., VI mode).

Integrations, Features, and Performance

• Mixed understanding about MCP/skills support: several comments explicitly state Zed does support MCP servers and skills; earlier claims to the contrary are corrected.
• Some want stronger Git tools (better project root detection, diff UX, history/blame, commit message helpers).
• TypeScript/LSP performance and resource usage are pain points for some users.
• Reported bugs: file explorer not updating, buffers not refreshing after external edits, agent inability to run shell commands in some setups, confusing remote/plugin behavior.

Workflow Preferences

• A subset explicitly avoid parallel agents, preferring single-threaded, review-heavy workflows to maintain code quality and avoid “vibe coding.”
• Others are excited by easy context switching between multiple threads for side investigations while keeping a main editing context.

Tor Browser & Firefox Response

• Commenters note Tor Browser quickly rebases on Firefox ESR; an updated Tor Browser was released the day after Mozilla’s fix.
• Some see this as evidence of a healthy responsible-disclosure process; others criticize the article’s alarmist title given the bug’s limited lifetime (process only, reset on restart).

Nature and Impact of the Vulnerability

• Identifier is:
  • Process-scoped, not machine/profile persistent.
  • Shared across origins via a global mapping of database names to UUIDs.
  • Stable for the lifetime of the Firefox/Tor Browser process and survives “New Identity” in Tor Browser.
• Key risk: linking multiple Tor identities or private/public sessions within the same browser process; several note this is serious for high-risk users but not a “forever ID.”

Ethics and Business of Fingerprinting

• Debate over why a fingerprinting company would disclose:
  • One side: disclosure builds trust, avoids depending on a single bug, and denies competitors an advantage.
  • Others suspect marketing or downplay the severity.
• Some argue all fingerprinting is inherently exploitative and should be treated as a vulnerability; others distinguish between “side effects of normal APIs” and true bugs.

Fingerprinting vs. Vulnerabilities

• Long back-and-forth over whether fingerprinting equals “exploiting a bug.”
• One camp: any non–opt-in identifier is a privacy vulnerability.
• Another: using exposed info (headers, fonts, canvas) is not automatically an exploit unless it bypasses explicit technical countermeasures.

Mitigations & Opsec Practices (Tor, Qubes, Tails, JS)

• IndexedDB ID is cleared on full browser restart; several emphasize always closing Tor Browser between distinct identities.
• Tails (without persistence) and fresh disposable VMs are highlighted as strong mitigations; however:
  • Misuse of Qubes (reusing the same disposable VM) remains vulnerable; separate VMs per identity are required.
• JavaScript:
  • Some say disabling JS increases fingerprint uniqueness but removes many tracking vectors.
  • Others argue Tor should default to JS off; disagreement remains on the net benefit.

Browser Design, Web Standards, and Permissions

• Many criticize expanding web APIs (IndexedDB, canvas, etc.) as fingerprinting surface with marginal user benefit.
• Suggestions:
  • Stricter origin scoping and permission prompts for potentially identifying APIs.
  • Standardized or randomized responses for fonts, timezones, window size.
  • “Ultra-minimal” or read-only browsers with no storage, JS, or forms, though others note this itself becomes a niche, fingerprintable profile.

User Attitudes, Tracking, and Law

• Discussion on whether “most users don’t care” about tracking:
  • Some argue users are unaware or feel powerless, not truly indifferent.
  • Others point to support for surveillance-style legislation as evidence of low concern.
• In the EU context, one side claims fingerprinting without consent is already illegal under GDPR; another calls for explicit bans and active anti-fingerprinting duties for browsers.

Research & Alternative Architectures

• Commenters mention active academic work on fingerprinting at privacy conferences and anonymization bibliographies.
• Remote browser isolation / “browser in a box” setups are proposed as another way to keep state ephemeral and off the user’s machine, though trade-offs and trust issues are noted.

Right-to-Repair, John Deere, and Lock-In

• Many see these tractors as a direct reaction to John Deere-style lock-in: proprietary diagnostics, dealer-only repairs, DMCA barriers, and expensive service during critical harvest windows.
• Some farmers in the thread defend Deere’s parts availability and dealer network, saying uptime and rapid repair during harvest often matter more than DIY repair.
• There’s broad agreement that OEMs use software and electronics to enforce control and recurring revenue, not just to add useful features.

Simplicity vs. Modern Tech

• Strong enthusiasm for a rugged, mechanical “base” tractor that can run 50+ years and be fixed with common tools; older machines (e.g., MF135, Farmall, 4020) are cited as still-working examples.
• Others argue modern tech (GPS guidance, precision seeding, emissions management, yield mapping) is essential for high-scale, high-ROI operations, and “low-tech” is already served by brands like Kubota, Versatile, Massey.
• Several suggest an ideal middle-ground: open, documented ECUs and bus standards so farmers can add or service electronics without vendor lock-in.

Economics, Market, and Viability

• Supporters highlight price: Ursa’s 150–260 hp models are said to be roughly half the cost of comparable fully modern machines.
• Skeptics question actual demand and scalability: unsold prior-year units, lack of dealer network, and parts logistics may limit adoption.
• Concern that if the company succeeds, it could be acquired and “enshittified,” unless structured as a cooperative or non-profit.

Emissions and Legal Constraints

• Key point: these tractors rely on remanufactured 1990s Cummins 5.9L engines partly to avoid modern diesel emissions systems (DEF, DPF, SCR, ECUs).
• Several note that building such engines new would be illegal under current US emissions rules; remanufacture is effectively an end-run around regulation.
• Debate over trade-offs: emissions controls are seen as a major driver of complexity and unreliability, but also as a major public-health win.

Electric and “No-Tech Everywhere”

• Some want “no-tech” or low-tech versions of many products: cars, TVs, appliances, bikes, smart homes.
• Electric tractors are seen as promising for small/light duty, but current battery energy density and duty cycles are viewed as inadequate for large, continuous heavy farm work.

Impact of 988 Hotline & Access to Crisis Support

• Many see the national hotline as an effective, humane intervention that has measurably reduced youth suicides; trained listeners and immediate human connection are viewed as key.
• Several share positive personal experiences (e.g., nightly calls during severe illness; being talked down from spiraling thoughts).
• Others emphasize that hotlines alone are insufficient; proactive outreach and broader mental health support are needed.

Guns, Means Restriction, and Policy

• Strong agreement that most gun deaths are suicides and that any “friction” (safes, age limits, child-access laws) reduces suicide rates.
• Cited examples: CDC data on method and age patterns; RAND findings on child-access and minimum-age laws; Israeli military weekend gun restrictions cutting soldier suicides; US veteran-focused guidance to keep guns unloaded and secured.
• Debate over US gun policy: some argue meaningful federal action is blocked by the Second Amendment and lobbying; others point to state and international examples (e.g., Australia) where regulation reduced gun deaths and mass shootings, though one commenter disputes the magnitude of that effect.

End-of-Life, Autonomy, and Assisted Suicide

• Tension between preventing impulsive, treatable suicides and respecting voluntary death in cases of terminal or degenerative illness.
• References to legal assisted dying (e.g., Oregon), informal “pain management” practices with morphine, and ethical discomfort about lumping these cases into general suicide statistics.

Experiences with Hotlines, Police & Social Services

• Conflicting anecdotes: some report compassionate, non‑escalatory hotline help; others describe police-led responses that escalate, traumatize, or result in involuntary holds.
• Concerns that involving social workers or crisis teams can mean coercion, confinement, and abuse, especially for youth; others counter with examples of well-run mobile crisis teams that prevent jail or worse outcomes.
• One commenter notes data that <1% of crisis-line calls trigger emergency dispatch, but others remain wary.

Mental Health System, Economics, and Abuse

• Strong criticism of US mental healthcare as profit-driven triage to keep people minimally functional for work, with employer-linked insurance as a structural trap.
• Descriptions of behavioral health as a “growth industry” ripe for fraud, including unscrupulous recovery centers and outpatient clinics monetizing chronically ill or homeless people.
• Some argue that crisis lines also function as funnels into this system; others see them as necessary, low-barrier support.

Youth, School, and Demographic Patterns

• Noted seasonality: adolescent suicides rise during the school year and drop in vacations, suggesting school stress and environment play a major role.
• Personal accounts describe school as prison-like, with homework, grading pressure, and misfit pedagogy contributing to despair.
• Discussion of higher suicide rates in low-density/rural areas: competing explanations include social isolation vs. higher gun ownership, with commenters citing geographic data for both sides.
• Mention of elevated risk for elderly and for underage LGBTQ youth in hostile families.

Technology & AI in Crisis Context

• Worry that teens may turn to AI (e.g., chatbots, ChatGPT) instead of hotlines or humans.
• Some see value in AI as “interactive journaling” or help organizing overwhelming thoughts, but others fear unempathetic or harmful responses (e.g., hollow chatbots on state hotlines, or AI providing misguided affirmation).

Policy, Society, and Structural Factors

• Multiple comments link suicidality to poverty, lack of healthcare, homelessness, economic precarity, and social hate (e.g., against LGBTQ youth), arguing these are fixable but politically neglected.
• Suggestions include universal basic income, guaranteed housing, and robust addiction/mental health support as cheaper and more effective than current fragmented systems.

Other Noted Points

• Some mention that stimulants like methylphenidate may reduce risk of a second suicide attempt (based on something one commenter read).
• Debate about whether “just change your thinking” advice is valid; many argue this trivializes serious mental illness and resembles discredited “just say no” rhetoric.

Perceived leap over prior robots

• Commenters compare this system to an earlier DeepMind table-tennis robot that was considered state-of-the-art but far weaker.
• Some are surprised by the apparent speed of progress in physical robotics, likening it to recent jumps in coding AIs.

Sensing, spin, and “cheating” advantages

• The new robot uses multiple high‑speed cameras around the room and infers spin from the ball’s logo and trajectory.
• Several note this gives it information humans don’t reliably have; others point out that advanced humans can partially read spin from ball flight and feel.
• Many consider the extensive camera setup and lighting a major “equipment advantage” over a human with just eyeballs.

Human vs robot play dynamics

• Players normally infer trajectory and spin from opponents’ body and racket motion; a non-humanoid robot deprives them of familiar cues and could have a “novelty edge.”
• The robot seems strong but with “jagged” weaknesses: e.g., it returns complex-spin serves with complex spin, but simpler serves yield easier balls, which some humans exploited.
• Several note that repeated human practice against such robots could close the gap, while future robot iterations may also improve.

Form factor and fairness

• Some are only impressed by a humanoid robot with human-like kinematic limits and no room-sized sensing rig.
• The robot’s reach and motion constraints differ from humans, raising questions about fairness and whether this is really “human-level” table tennis.

Applications and future competitions

• Many see value as a high-end training tool, beyond today’s simple ball machines.
• Others propose robot-only leagues or autonomous-systems benchmarks (ping-pong, racing, “robot Olympics”).

Significance vs triviality

• One camp: this is just another machine outperforming humans at a narrow task, like cars outrunning runners.
• Another camp: the key advance is fast perception–action loops, high-precision control, and AI decision-making in a real-time, high-speed environment.
• Some express fatigue with “X beats human at Y” stories, caring more about general, on-the-fly capabilities than narrow benchmarks.

Broader concerns about robotics and warfare

• A large subthread discusses autonomous weapons: cheap suicide drone swarms vs expensive humanoids, ground robots in Ukraine, and the ease of weaponizing vision + autonomy.
• Concerns include lower political cost of war, proliferation to small groups, and erosion of citizen power against states or oligarchs; others note possible benign uses (e.g., elder care) sharing the same tech.

Naming, culture, and humor

• Long, playful digression over “ping pong” vs “table tennis,” including regional/cultural usage, historical trademark issues, and analogies to other naming “religious wars” (e.g., tabs vs spaces).