Hacker News | CM30's comments

Have to admit, my feelings are mixed here.

On the one hand, yeah it's risky that people are relying on a chatbot as if it's an actual doctor, and people might indeed take bad advice from it if they don't realise it's only a fictional character.

At the same time though, this feels kinda like criminalising roleplaying to some extent, and that's not really a direction I'd support. People on an RP forum or Discord server could also pretend to be a doctor in-universe/for the purpose of a story, and people could also ask them about medical issues and get (likely inaccurate) information in return. Should that be illegal? Should it really be illegal for someone to pretend to be part of a licensed profession for the purpose of entertainment?

I guess you could say it should be illegal to make up a license number in a fictional work or RP setting, but even then I feel like people should be able to separate fiction from reality. Entertainment shouldn't be limited because some people might be delusional/might rely on it in place of actual professionals.


I'm no fan of caning or physical punishment for crimes, but isn't that how a lot of bullying ends? The victim snaps, the bully gets beaten up or injured in some way and the latter finds an easier target to go after?

At the end of the day, a bully picks on those they perceive to not be a threat, whether that's a school bully using physical violence or a copyright/patent troll harassing individual creators and small companies. Being forced to go against someone with more resources or who can inflict serious damage against the aggressor is how a lot of bullies get shut down.


I mean he's right, the old internet and the technology that underlies it still exists, and there's nothing stopping you from building and using sites that work independently of the big social media platforms/centralised services.

That said, I do wish this essay was a bit better contrast wise. Had to highlight some of the tables to read them at all, which isn't exactly ideal.


The components heavily give Claude Code vibes. I use CC to build internal tools and, given free rein over the design, this is exactly what it will produce.

Won't comment on the writing other than that the punchlines do feel a bit pretentious in an AI kinda way. I've seen the author's blog posts and I much prefer their natural writing to this essay-style output, but to each their own.


The writing is definitely AI.

I see this often in HN posts and I’m not sure whether to comment. Because it seems most people don’t care; and are only discussing the title, which the LLM post is a predictable extrapolation of, so human effort on the article would be wasted.

I wish people would discuss more interesting topics and less repeats. But probably most of the unique posts just aren’t interesting to me, and I spend too long here so I see repeats more than the average user.


Somewhat. If you open port 22 up on an ip, you're going to get hit by bots scanning the Internet, trying to find an open server to ssh into. If you open port 80 or 443, you're going to get bots looking for /wp-admin.php just as soon as the domain name for it hits certificate transparency logs. The Internet's not a friendly place to be. It once was, but the default now is that someone is going to try and abuse anything you put up. Makes it hard to want to set up a new platform outside of the big centralized ones.

In ham radio - we have a 'Q code' (abbreviation) for man-made noise: QRM (QRN is naturally occurring: thunderstorms and such). This is used mainly to refer to electrically noisy transformers, vehicles, misconfigured transmitters etc. Always been there, gets worse and/or better over time - but gotta figure out how to deal with it as part of the hobby.

When doing stuff on the internet, I've just decided to stop worrying and treat these scans like that above mentioned QRM. You can filter it a bit if you like [1], but really, a sensibly configured and maintained SSH server is as secure as it gets as far as I can see.

[1] https://alastairbarber.com/Building-Anycast-Network/#securit...


> If you open port 22 up on an ip, you're going to get hit by bots scanning the Internet, trying to find an open server to ssh into

This has been the case for years. I can remember this from logs for port 22, more than 20 years ago, I saw this.


Eh, as someone who runs a bunch of smaller sites and forums, I've not had any issues with scammers or hackers gaining access to them. Most of them are looking for obvious vulnerabilities via some sort of script, and usually assume the file names and database structure are the same for every site they target.

It's plenty possible to run an independent site with no issues if you keep things up to date and change a few things to thwart the most common attack attempts.


Those scanners are low effort. Don't run vulnerable software and you're fine (this mostly means not running any website you didn't write, but wasn't that the point anyway?) Run it in a container and you're double-fine.

If you don't have a wp-admin.php who cares if someone is trying to access it? If you have one but it correctly validates your admin credentials, again who cares?

You can turn it into a fun project of making a honeypot.


Oh hey, it's the game I remember from the cameos in Link's Awakening and the Wario Land series. Honestly, I don't think anyone associates Mad Scienstein with this game anymore, given his appearances in Wario Land 3, 4 and Dr Mario 64.

Yeah, security through obscurity as part of securing a system is good. Security through obscurity as the only way of securing a system is not.

Like, a lot of it comes down to 'high friction' vs 'low friction'. Obscurity means high friction. It means that the attacker needs to craft a specific solution for your site or system in particular rather than relying on an off-the-shelf solution to handle it all for them.

For example, the article's point about changing the WordPress database prefix fits into this category perfectly. Does it really make things that much more 'secure'? No, of course not. But it does mean that automated scripts that just assume tables like wp_posts exist will fail. It means that an attacker can't just run any old WordPress hacking toolkit and watch it do its thing, they have to figure out what database prefix you're using first.

Same with antispam solutions. The best solution to stop spam is to make your site unique in some way. To add some sort of challenge that a new user has to overcome to use the site, like a question related to the topic, a honeypot field they can't fill in, a script that detects how quickly they register, etc.

This won't stop a determined spammer, but it will stop or delay bots and automated scripts that rely on the target system having the same behaviour across the board. The spammer has to specifically target your site in particular, not just every forum script running the same software.

And much of society works this way to a degree. A federated or decentralised system (whether a social network or political movement) isn't technically harder to attack than a centralised one might be.

But it is more work to attack it. If a government or company wants to censor Reddit or Discord or YouTube, they have one target they can force to censor information across the board. If they want to target the Fediverse or some sort of torrent based system, then they have to track down dozens of people and deal with at least some of those people refusing or taking it to court or being in countries that aren't under their control or whatever else.

That's kinda what a good security through obscurity setup can be. You can't mass target everyone at once, you have to target different systems individually and spend more time and resources in the process.

However, you still need real security measures there. Security through obscurity is like hiding a safe behind a painting. It'll stop casual attackers from finding it, but it won't stop a targeted attack on its own. You need a strong lock, materials that are difficult to drill through and the safe itself being difficult to remove from the wall too.
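An added example, not part of the comment above or of any forum software: a server-side check combining the three friction measures the comment lists (topic question, honeypot field, registration-speed detection). The field names, thresholds, secret and question answer are all assumptions chosen for illustration; the render time is carried in an HMAC-signed token so a script cannot simply claim it waited.

```python
import hashlib
import hmac
import time

# All values below are constructed for this example (assumptions).
SECRET = b"replace-with-per-site-secret"   # placeholder signing key
MIN_FILL_SECONDS = 4       # humans rarely submit a signup form faster
MAX_FORM_AGE = 3600        # reject tokens from forms rendered long ago
HONEYPOT_FIELD = "website" # hidden with CSS; real users leave it empty
TOPIC_ANSWERS = {"wordpress"}  # answer to a site-specific question


def issue_form_token(now=None):
    """Return 'timestamp.mac', embedded in the form when it is rendered."""
    ts = str(int(now if now is not None else time.time()))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def _token_age(token, now):
    """Seconds since the form was rendered, or None if the token is forged."""
    ts, _, mac = token.partition(".")
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not ts.isdigit() or not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return now - int(ts)


def check_registration(form, now=None):
    """Return the list of reasons to reject; an empty list means accept."""
    now = int(now if now is not None else time.time())
    reasons = []
    if form.get(HONEYPOT_FIELD, "").strip():
        reasons.append("honeypot_filled")
    age = _token_age(form.get("form_token", ""), now)
    if age is None:
        reasons.append("bad_token")
    elif age < MIN_FILL_SECONDS:
        reasons.append("too_fast")
    elif age > MAX_FORM_AGE:
        reasons.append("stale_form")
    if form.get("topic_answer", "").strip().lower() not in TOPIC_ANSWERS:
        reasons.append("wrong_answer")
    return reasons
```

A script that targets this site specifically can still pass every check by waiting and answering correctly, which is why account verification and moderation remain the real controls behind it.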


Have to be honest, I do sometimes wonder how many of those might be cases of literal liars/scammers getting the roles thanks to heavily puffed up CVs and lots of AI usage, only for said companies to end up needing to lay them off again when they realise their claimed skills don't match reality.

I feel like someone has to be getting past these systems, and I get the feeling it's not the people these companies want to be hiring.


And some of the frustration there is I suspect then that some of those companies don't want to then return to their final round participants to see if they're still available because they're hit with a duality of "we don't want to admit we passed you over for a BS artist" and "well, if they haven't found something yet, were they really a final round person for us?" (not saying that's a valid perspective or not, but I could absolutely see it happening).

Personally my experience has been kinda brutal, having been struggling to find a new job for a few months now. Interviews haven't been that rare all things considered, but as someone who's neurodivergent, it feels like the chances of me getting through one successfully are lower than ever now, especially when there are like 3-5 rounds of meetings and calls to get through.

I'd also say it's a mix of not having the best company experience in the world (even the larger ones I worked for didn't use cutting edge tech), not having enough war stories about times of adversity, and having to compete with both top tier engineers from FAANG companies and liars just using AI to make up everything.

But based on other people's experiences, it seems like some people get way luckier than others in this job market. I know people who've gotten a job in a week or two without any hassle and others who've been out of work for months or years now. One of my friends had probably the best luck I can imagine in that regard; they got laid off from one job and then a week later found a job in the exact same industry doing the exact same thing at approximately the exact same salary range. They went from designing brochures and posters for medical companies at one company to designing brochures and posters for medical companies at a direct competitor.

But yeah, it seems like a very tough market right now, and one where success pretty much depends on the stars aligning in the right way.


I know it's not the main topic of the post, but I think it may be worth pointing out that Bluehost is owned by a company infamous for poor quality hosting solutions and trying to monopolise the web hosting field:

https://en.wikipedia.org/wiki/Endurance_International_Group

So regardless of whether you go with WordPress or a different solution, you may want to be cautious about that company. They tend to oversell their services a lot, and care mostly about cost cutting.


Unfortunately that industry has been in a race to the bottom for a very long time. Most customers just care about the dollar amount they're paying. In a race to the bottom there is no corner that can't be cut.

I've met so many people over the years who've worked in the industry at some stage (including myself), and not one of us has had a positive experience.

All that to say, it's almost certainly true that unless you've specifically heard otherwise about a hosting company, you're probably supporting assholes whoever you use.


Where is that race to the bottom visible? Surely not in the pricing -- bluehost's intro offers are already expensive (10gb space shared hosting for $3.99 a month -- in 2026?). After a year, it jumps to $11.99 with 12 months terms. That's more than $1 per gb storage. In 2026.

There is no race to the bottom.


Could you do it cheaper?

The $10/month gets you storage, but also bandwidth and hosting and a bunch of tooling. Worth it? Probably so if you want something that mostly just works.


Me, individually, providing it to one customer? no.

At scale, providing it to tens of thousands? yes.

It's a perfectly fine price for a customer to pay and not worry about it, but it's not squeezed to extract every fraction of a cent because competition is so fierce. In a race to the bottom you'd expect the bottom to be approached, but it isn't.

Bluehost, Kinsta, WPEngine, GoDaddy etc, are marketing companies that sell webhosting, and they have very healthy margins. They compete on ads, not on price.


After a terrible, possibly criminal experience with a hoster, I ended up with: https://www.interserver.net/

I am very happy. The speed is insane. I always thought and was told that WP is the reason for a slow website. No, it was my host. I pay around 10 USD per month but I think the smaller plans start lower.

For what it's worth, I am very happy with them. But I only host a few WP and FreshRSS. I think they support python too but for Django I use: https://www.pythonanywhere.com/ I pay 5 USD a month there but I think this plan is not sold anymore.


> trying to monopolise the web hosting field

What does this even mean?


They own at least 74 different web hosting companies and are buying more brands all the time. They want to own a large percentage of this field at least.

The sheer irony of their AI policy being written by AI is almost hilarious.

Also archive link I guess: https://archive.is/vtio4


It's made me very skeptical of new sources and sites I don't have any prior experience with. If I don't know the author has been writing for a while now, then I'll probably take their work with a grain of salt until I identify how reliable they are. If I then find they've been using AI in any form, that's probably the last time I'll ever read their work at all.

It's not just about text either. I'm deeply skeptical of new artists, musicians, video creators, etc for much the same reason. Generally I'll try and weigh up evidence for their legitimacy vs evidence of AI (how often they post vs how much 'effort' that work would require, whether they have a community or notable social presence, whether there's evidence of them being human and appearing on camera at some point, etc) and mostly support creators that use communities I'm already a part of (which ban AI generated content and monitor people's works for it).

