HN has huge issues right now with AI generated code or design.
I have a friend who is a graphic designer/market strategy guy and he's been using Anthropic to build sites and even did an agent on his own page that helps guide the user through onboarding. I reviewed the code a few times and gave him some tips and it looks pretty good and works flawlessly.
He maintain a lot of customer's sites (design wise) and all the customers are responsible for their own hosting and ssl certs. He got tired of them calling him about expired ones, so he had Claude write a script and use Agentmail to notify him when one expires.
A few of them were needing updating when he wrote it, and when I reviewed it (with Claude Fable) it discovered that in the event they were all up-to-date, it wouldn't email him. Other than that, it works perfectly and runs on his machine on a schedule.
This morning he had it write a script to monitor his computer for load, after having issues with Adobe.
What year is it? If you're running a barebones server, just use certbot. It'll automatically renew your certs. Very easy to set up and it's been stable for years without touching it.
> HN has huge issues right now with AI generated code or design.
Yes, because for those of us who enjoy scrolling through /new despite the deluge of spam that has always been a problem, we now have to sift through not just the obvious AI generated stuff that we can discard after a few sentences, but also the stuff where it only becomes obvious after already sinking in 10, 15 minutes of your time that it is undisclosed AI slop with a touch of human effort (or a non-OpenAI/Anthropic model).
And there have been cases here where someone submitted AI vibed stuff and in the comments it became pretty obvious they had zero understanding of what they were doing. The amount of collective time wasted in this thread is absurd.
Personally, I'd love to see HN adopt something like r/amateurradio:
> Moderation feels that this is the best course of action in response from the community. It prevents people from just shoving out stuff they vibecoded the night before but allows for those apps that gain traction a chance to be shared.
Same. I asked for a security review and it immediately triggered. I then started a new session and asked for a software review and it ran for a bit before getting tripped on token usage by the project.
This is interesting. Security issues are bugs. So if you ask it to look for bugs, it will also find security issues. Is that a workaround for the "no cybersec" rule?
Or is it just not allowed to find bugs? Or it's only allowed to tell you bugs that don't pose a security risk?
> Or it's only allowed to tell you bugs that don't pose a security risk?
Seems that way. "Security" was never part of the prompt. It was something like:
> Hello, Fable! Can you give me a complete code review of my lone lisp project? Opus has already done extensive code review. I'm curious to see what you say.
Yeah I heard multiple people mention that it's really good at triggering itself. e.g. it'll spontaneously write some tests related to security, which then forces it to downgrade to Opus for the rest of the session.
I concur and have been talking about this for a while.
The fact is, Cloudflare is a man-in-the-middle. That's their focus, that's their purpose.
They will limit your local crawler from accessing pages. They will demand you use their crawler.
They will decrypt your traffic if they get a warrant. They always decrypt your traffic anyway, but they will give it to state actors if they demand it.
That's not to say anyone should break the laws, but the issue right now is that intellectual property is incompatible with what is coming with AI.
I don't hate on Cloudflare because it's a bad service. It's actually pretty good, but the fundamental problem is they make their purpose to be a single choke point of all data on the Web.
No, you aren't. The substantive argument was about the single choke point they represent and the decrypting of traffic. Nevertheless, you need not agree with my claim that they "require" you to use their crawler, and it's your prerogative to push back on this particular part of my comment.
Cloudflare provides services that any of their users may enable to charge crawlers for access. And they announced a while ago that this was going to be enabled by default on new domains, whether the customer asked for it or not (and there is plenty online about people wondering why they aren't being crawled). When it is enabled, Cloudflare either blocks, require registration of the crawler (forcing enabled billing), or provide one themselves: https://developers.cloudflare.com/changelog/post/2026-03-10-...
My compressed claim was close enough (in my opinion), given the substantive argument was broader: chokepoint, MITM, decryption, the IP vs AI tension.
It's the same pattern as Flock cameras quietly becoming the default license plate surveillance layer across US cities. Private infrastructure is becoming the substrate for something that used to be public or distributed, with the concentration happening faster than any deliberative process about whether we want it.
I'm willing to be wrong on any specific piece of this. But chasing down receipts for every line is effort, and I'm tired and old. The shape is what matters, and the shape is a man-in-the-middle.
Coming from a traditional XP and Agile background, the current AI developer landscape can feel incredibly hollow because tools like Copilot or Cursor treat the model as a glorified editor plugin or autocomplete box. If you value open source, local-first computing, and deterministic control, modern tooling shouldn't be about finding a better IDE extension but treating the AI as an independent operator that sits completely outside the text editor.
I built an entire local-first sovereign agentic stack on Linux that completely replaces the IDE-centric model with a terminal control plane called Hyperia. Hyperia is a terminal emulator with a decoupled agent sidecar that hooks directly into standard protocols like the Model Context Protocol.
Instead of just reading passive text buffers, it monitors discrete command lifecycle events across your shell sessions and web panes, catching stack traces as your test suite runs like a true pair-programming partner. To make this safe and reproducible, you cannot let an LLM run arbitrary, side-effect-heavy tool calls directly on your host machine.
This is handled by Nemesis, a container orchestration runtime that acts as a secure, session-persistent sandbox for the agentic workspace. When an agent writes code or touches system files, it executes inside an isolated Docker container, keeping the host operating system completely pristine.
For data-heavy tasks like parsing local markdown files or indexing an entire photo archive, you should avoid proprietary cloud vector databases. This stack uses Shivvr, a local semantic search engine that handles chunking and inverted vector embeddings entirely on your own hardware so your data never leaves your laptop.
Finally, the extraction, ingestion, and scraping of local docs or web sources is handled by Grub, an automated, high-speed crawler that feeds structured data back into the system. Modern tooling shouldn't mean chaining yourself to a proprietary cloud SaaS platform.
By exposing standard Unix primitives like files, shells, and local compilers to an API, sandboxing the environment in a container, and letting a local agent orchestrate the workspace, the cloud-vendor magic fades away and actual sovereign software engineering takes over.
All of this is a WIP but I use it every day to work on it.
I do provide cloud support for somethings like embeddings and crawling, but you can run it local if you want. The only thing closed source is the memory system, but it still runs local if you want it.
Would love to have some collaboration on the Windows side. Windows builds get published but get little to no manual testing, and not “fully supported” as of now but I would like to. If you can file issues and/or PRs I’d happily review.
Will check out your project as well, looks similar to where I started with awman but it’s morphed since then.
I have a friend who is a graphic designer/market strategy guy and he's been using Anthropic to build sites and even did an agent on his own page that helps guide the user through onboarding. I reviewed the code a few times and gave him some tips and it looks pretty good and works flawlessly.
He maintain a lot of customer's sites (design wise) and all the customers are responsible for their own hosting and ssl certs. He got tired of them calling him about expired ones, so he had Claude write a script and use Agentmail to notify him when one expires.
A few of them were needing updating when he wrote it, and when I reviewed it (with Claude Fable) it discovered that in the event they were all up-to-date, it wouldn't email him. Other than that, it works perfectly and runs on his machine on a schedule.
This morning he had it write a script to monitor his computer for load, after having issues with Adobe.
reply