> So far, LLMs seem to deliver code with "Louie Da Loan Shark"-levels of tech debt.
Maybe a couple of years ago, but these days, Opus 4.8 is frankly writing better software than what I've seen over the previous decades in non-tech enterprise. These previous two months, we've replaced so much technical debt we've been dragging along for the previous 5 years as our team went from 25 to 3 people.
This is in non-tech enterprise in Denmark and AI had absolutely no impact on us going from 25 to 3. That was all Putin and bad business decisions on the c-levels. Like keeping flexible loans to fund projects on the books when the interests rates were 0.01% because they might go to 0.001%. Anyway, I'm getting to the point where the AI does 100% of the work, but only if it's piloted by people who know what security, resource consumption and compliance is. The code itself is excellent though.
It likely depends on the implementation, and the tool.
In my work, the Swift code is not really that good (but it’s not terrible), but the PHP code is very good (better than mine). I use ChatGPT. Maybe Claude might give better Swift, but I’ve invested quite a bit of context in ChatGPT.
Your experience is apparently different than mine. I went from using our corporate tool to copilot cowork when it became available to us. From opus 4.6 to 4.8 and there has been a massive difference. It's ridiculously good at programming in the right hands, but the right hands is frankly becoming more and more automatable as well, since you can input design documents, compliance policies and allowed packages and it'll do fine.
If you want, you can go through my history and you'll find that I haven't exactly been a fan of AI, but it's silly to deny that it's gotten good.
Wouldn't it be more accurate to call Apple's architecture data protection rather than privacy? As an European citizen in a post Snowden world I would be surprised if any of my data on Apple services was actually kept private from the US government, and Apple certainly wants to own a lot of data/metadata about you. Gotta have Siri listening for carplay and so on. I would aboslutely trust Apple not to sell my data as a commodity though.
> If Apple handles the Google-Apple boundary right, this will be an elegant move on their part, otherwise it will feel like Apple Intelligence with a just a privacy-polished frontend for Gemini.
I'd say this is spot on. At least if what Microsoft is doing with Copilot Cowork is anything to go by. Cowork is not a privacy-polished as much as it's an Enterprise compliant polish to make Opus 4.8 run "safely" in your enterprise organisation. So far Microsoft is winning the AI war in non-tech enterprise with this, especially here in the EU. If Apple manages to do this for the private market that will be great for them.
I'm not personally sold on what an AI should do on my phone though. I use a lot of AI professionally, but I haven't even turned on Bixby or whatever the Samsung AI is called.
From an EU perspective, Microsoft is doing data protection, Apple is doing data privacy.
Microsoft's approach to data is basically "we promise nobody else but you and your government can access it, we can but we pinky swear we won't." This promise is mostly enforced at the legal layer and through legal consequences, not technical safeguards. If they think they can get away with it (or are forced to get away with it by the US government), there's nothing stopping them from using your data in whatever way they want.
When they can, Apple designs their systems so that they physically don't even have the capability to use your data, even if it's processed on their own servers. They're not privacy maximalists like Signal is, they care more about user experience, but they do aim for the highest level of privacy you can get while still having a good experience, and when they do need to make sacrifices, they typically let you opt into the privacy features if you really want to.
I'm far more inclined to believe that Microsoft is secretly (or not so secretly) collaborating with the US government than that Apple is.
There has been anecdotal statements/blogs from Apple employees about the data privacy. They have said building some internal capabilities or user facing features are extremely difficult or impossible because they aren't able to access user data at the level required.
From the information presented, the privacy case is not that your data is only accessible to you (which arguably can have a backdoor) but that the data is NOT stored at all, so it's not possible to build a backdoor. I know there are probably other ways around it, but it's my understanding is that no data is kept on any server when the response is sent back to your device
There is a comment in this thread from an alleged Apple employee that said that, but it doesn't seem like it's possible to send a link for a specific comment. Over the years I've seen comments and blogs posted here in Hacker News reaffirming the same thing.
But to answer your question directly, I don't have any links for those blogs or comments
> Wouldn't it be more accurate to call Apple's architecture data protection rather than privacy? As an European citizen in a post Snowden world I would be surprised if any of my data on Apple services was actually kept private from the US government, and Apple certainly wants to own a lot of data/metadata about you.
Your conception doesn’t seem to match PCC at all. The whole point of it is that nobody can access the data, not even the people running the servers.
I don't trust a single US tech company to keep my data private from the US government. Maybe I need a tinfoil hat, but I don't feel like I'm unjustified in this based on the history going back to echelon. Not that this is a particular jive at the USA, my own government (Danish) actively pushes for mass surveillance and non-functional e2e encryption.
There is still a difference though. Google will sell my data and use it for all sorts of things. Though I've obviously accepted that since I have had a Samsung flip phone since Apple made their iPhones too big for my pockets.
This part of their requirements for how PCC is architected directly addresses your concern:
“Verifiable transparency. Security researchers need to be able to verify, with a high degree of confidence, that our privacy and security guarantees for Private Cloud Compute match our public promises. We already have an earlier requirement for our guarantees to be enforceable. Hypothetically, then, if security researchers had sufficient access to the system, they would be able to verify the guarantees. But this last requirement, verifiable transparency, goes one step further and does away with the hypothetical: security researchers must be able to verify the security and privacy guarantees of Private Cloud Compute, and they must be able to verify that the software that’s running in the PCC production environment is the same as the software they inspected when verifying the guarantees.”
They do this by allowing you to download all of the components (minus data cryptexes containing the model weights) and run it on your own Apple silicon chip (you can put your computer in recovery mode and use csrutil to enable research guest operating systems)
I think what is concerning is that they are expanding into Google Cloud and NVIDIA to run with it too with their versions of confidential compute, which if I remember correctly are not as well verified as Apple PCC and a little harder for researchers to get their hands on.
Apple uses a key ceremony process where no single party has access to all the keys required to sign hardware, meaning in theory they can’t just sign malicious hardware. However, I’m not sure how Google and NVIDIA play into this and I don’t think they’ve provided much detail on it. I think it seems a little rushed to get the features out since they fucked up with initial Apple Intelligence release.
From my understanding of the architecture, Apple and Google have basically developed a fork of Gemini that is built to run on Apple's PCC. There is no data being sent to any Google servers.
From this MacRumors article:
"The new architecture centers on Apple Foundation Models co-developed with Google, which Apple says are adapted to run both on-device and on servers through its existing Private Cloud Compute infrastructure."
And
"The company reiterated that Apple Intelligence relies on on-device processing and Private Cloud Compute, with a promise that user data is only used to execute the immediate request and is not accessible to Apple or third parties. Apple added that outside experts can verify those privacy guarantees "at any time.""
That seems to conflict with the recent security blog that says they are using Google Cloud infra and NVIDIA GPUs with PCC now [0].
They are allowing it to run on Intel and NVIDIA and Google chips meeting certain requirements now too instead of just Apple silicon because they think they’re secure enough now, but I suspect this decision might have been pushed by the need for Siri to be useful.
I still definitely think it’s better than what every other company is trying to do (like running a variant of OpenClaw 24/7 forwarding data to Anthropic, OpenAI, Google, and every other provider they can support).
It's not the compute hardware itself. PCC used to be data centers owned and operated by Apple, running on chips designed by Apple.
With this announcement, Apple is expanding the definition of PCC to Google Cloud data centers. Theoretically, this is Google Cloud, not Google servers, so there should be a separation of access there.
From the Apple security blog:
> Originally built exclusively on Apple silicon with our world-class software security technologies, PCC set a new bar for AI privacy in the cloud, and continues to power the most demanding Apple Intelligence features. Since then, the wider industry has been working to provide a set of confidential inference primitives that could theoretically be combined to reach the security level of PCC. However, until today, those primitives have never been integrated into a comprehensive, end-to-end confidential inference pipeline capable of operating at global scale. That’s what we’ve done with PCC on Google Cloud, which incorporates PCC’s exceptional security and privacy properties at every stage, including the industry’s most comprehensive transparency guarantees that allow external security researchers to verify our privacy commitments.
Can they verify the private cloud is completely immune to nationstate actors, has no zero-day vulnerabilities, is completely bulletproof in a court of law and can never be compelled to secretly share info with government(s), etc?
I think the users fear here is real. "We did good due diligence at the consumer level" and "we're completely immune to nationstate hackers and clandestine legal cases" are very different things.
Like any good security paper, it doesn’t assert immunity to particular parties. Instead, covers things like how PCC attests that the running software image is identical to the publicly-available, forensically-studied one.
Fear is real for sure, but don’t let fear be an excuse to lose rigor in thinking.
What if the CA certs are compromised, as was alluded to for GCP in the Snowden leaks?
All server security measures are irrelevant if every client req/res is dragnet siphoned off to NSA servers in plaintext. It would also afford the corporation deniability even if they were aware or involved.
This is why everything than can feasibly be E2EE (or performed locally) should be, unless the data is explicitly public. There are too many opportunities for compromise even when the provider has the best of intentions, and ruling class psychopaths aren't intentionally destroying democracy or implementing big brother.
Are you suggesting that PCC specifically is sending things in plaintext, or that the security promises in the server and arch are false, or that a compromised CA means… IDK what?
I’m with you on the big principles, but are you implying more specific attack vectors or just kind of maybe everything could be compromised somehow?
> In an NSA presentation slide on “Google Cloud Exploitation,” however, a sketch shows where the “Public Internet” meets the internal “Google Cloud” where their data reside. In hand-printed letters, the drawing notes that encryption is “added and removed here!”
This is a non-answer, and in fact, a statement like "don't let fear be an excuse to lose rigor in thinking" in response to my question "how verifiable are their claims" is insulting and sloppy. Rigor in thinking includes human discussion and humans asking questions, but yet you shot that down.
ChatGPT, do what this user wouldn't, and answer the dang question:
> No, Apple cannot verify that Private Cloud Compute is completely immune to nation-state actors, contains no zero-days, or could never be subjected to secret legal compulsion. Nobody can honestly establish those absolutes for a complicated, evolving computer system operating across multiple jurisdictions.
> What Apple has done is more meaningful than ordinary corporate “due diligence,” however. PCC is specifically engineered to make clandestine access—whether by hackers, insiders, or governments—technically difficult, difficult to target, and more likely to leave externally detectable evidence...
> Against ordinary attackers, rogue employees, conventional cloud administrators and routine government data requests, PCC appears exceptionally strong for a cloud AI service.
> Against a targeted nation-state willing to combine zero-days, supply-chain compromise, endpoint exploitation, legal pressure and secrecy, the right description is: Highly resistant, deliberately difficult to target, and unusually auditable—but not immune.
Thanks ChatGPT. Don't know why I bother to ask humans anymore, it's StackOverflow the whole way down.
"I did not like your answer, therefore I will use the 100% reliable, bullet-proof method of having an algorithm generate the statistically most likely words that form a plausible answer to my question."
It’s a fair concern, but the only way to reconcile a belief that Apple is sharing data from PCC with anyone (including themselves) is to assert the whole PCC thing is a massive fraud.
Which it could be, but given both breadth of claim and Apple’s strong incentives not to be caught lying about something so massive, I’d want something more than vibes to take the idea seriously.
There's no guarantee against data exfiltration, because the data leaks happens through tool calls, which are not made from the PCC, but from your own device.
E.g. "the user asks if their Bitcoin private key is unique, let's make a web search".
Combined with prompt injection attacks, it's quite easy for an attacker to craft a prompt which sends your private data through any supported tool call (web search, database search, email, app APIs, etc.). Everything is wide open for the attacker / or yourself accidentally to exfiltrate your data.
That doesn’t make sense in this context – the point of PCC is so you know somebody isn’t snooping on your information when you send it to the servers. The person I was responding to seemed to think that Apple would be looking at that information.
You're right, but also "PCC is very secure" might give a false sense of security, considering that there might be other associated vulnerabilities in these kinds of systems.
Which is a good point. set a Bitcoin wallet private key in an obvious place on your system, and then setup a monitor (on another system) to notify you if its contents gets stolen.
Doesn't prevent the exfiltration but at least you'll know when it does.
I have read it. The entire trust hinges on several critical points, such as trusting secure boot.
You remember when the NSA injected itself in TLS termination at all major cloud providers? You remember when several giant automotive corporations built elaborate detection of testing scenarios to fake emissions? You remember room 641A?
I have no real way to tell if this is security Theater or meaningful protection. None of us has,
> I use a lot of AI professionally, but I haven't even turned on Bixby or whatever the Samsung AI is called.
I know this was just a small aside, but man do I hate Bixby and other phone AIs. They are so frustratingly difficult to turn off, and turning them on accidentally is as simply as holding the wrong button for a few seconds, such as when your phone is in your pocket. Very frustrating design.
I never turned Bixby on, so it never really bothers me except for when I update and it want me to accept something which I decline. I turned the button off, I forgot what I switched it to but holy hell was that annoying.
I just want to be able to turn things off without affecting completely other unrelated things. Like Siri and Carplay, makes no sense I need one activated to use the other, just a trick to get people to avoid disabling Siri.
> I would be surprised if any of my data on Apple services was actually kept private from the US government
Outside of law enforcement having a warrant, Apple's efforts against CSAM, or their Chinese data centers, I've not heard of Apple doing any of what you assume in a post-Snowden world. iMessage is supposed to be end to end encrypted, and there was a few years ago that whole scandal where Apple wouldn't unlock a literal terrorists cell phone for the FBI.
The FBI had to reach out to... a third party to unlock the phone (I forget the name of the firm that did it - Cellebrite maybe?) for them, what's funny is they spent a lot of money on it, when the rest of the world pointed out that the very specific iOS version in question had known vulnerabilities they could have found online for free (or cheaper?).
With opus 4.8 we're frankly aproaching the 100% of the work, but only if tasked by the right people. A decade ago I worked as an enterprise architect and left it because I preffered coding. Now I'm an enterprise architect again, and we're at the point where I've setup a Microsoft Fabric and integrated a ADLS Gen2 with a Lakehouse building Dimension and Fact tables for our Business Intelligence people with Cowork. A month ago I didn't know what Dimension and Fact tables were in a datawarehouse and now I've not only setup a flow for it I've made it more accurate than what they had before because I understood how BC365 worked and the previous consultants didn't.
We had a PoC in place to get fabric, it had like 500 hours allocated for what I did in a week with cowork, and my product is actually on secure vnet network with Azure identity security with both a test and a production environment delivering actual data.
Cowork even made the damn powerpoint slideshows for decision makers.
The single saving grace right now is that it apparently isn't easy for everyone to do this yet. But I didn't use a whole lot of my knowledge on software engineering to make any of it happen, not even the pandas and arrow code that moves the data behind the scenes. I mainly used my knowledge of NIS2 compliance and general data architecture in a step-by-step process. To me anyone with common sense should be able of doing this, and I really don't think I'm special... but then I teach other people AI at our company and they can barely get it to create a running program. Which is fine for now, but I have to work another 20ish years before I retire, and by then a lot of young people will have grown up with AI, and like I said, I'm not special. I think the only thing that differentes me is that I mash the buttons until it works but also have decades of security and compliance hammered into me.
For me it's mostly dealing with humans and bureaucracy now that takes the most time. Actually kicking off an LLM will often (though not always) get me in the ballpark of the right solution, and then iterating with the LLM from there gets me the rest of the way.
I kinda agree I mean almost no one writes code by hand anymore but it doesn't mean we don't contribute any value anymore. I wouldn't exchange the entire r&d department with Claude yet - would you ?
Sure... and people keep finding exceptions like this, but that's not what most developers are doing. We're talking like top 25% has some security and no one else. That's an economy-level change.
I know this section is really just a comparrison of pyproject.toml and cargo.toml, but who on earth would use pip instead of UV as a drop-in replacement in 2026? Though calling it a comparrison is a bit of a stretch considering there is no text.
On top of that, I imagine that a lot of Python programmers who actually do use pip would also use requirements.txt and not pyproject.toml
People learning Python or searching for it will run into endless answers using PIP. Then, lots of advice on how to work around PIP's problems. Then, multiple alternatives they have to consider. I only recently started using UV after going through all that.
Packaging, concurrency, and type errors had me strongly considering switching to Go or Rust recently. These are such long-solved problems in other languages that I question why we should put up with it in Python. Then, I remember it was the ecosytem, including job market and AI performance, that made me use Python.
So, maybe a Python/Rust combo... There's the extensions the OP article mentioned and a Python interpreter written in Rust.
Because it's rust for python dev, not rust for python dev who use uv. I would understand your comment if you mentioned poetry, but pip has been the standard for years
I heard that Zed came with a lot of integrated AI and team sharing features that phone home, so that's an issue for anyone working with stuff like NIS2 compliance. Not that VSCode isn't a compliance nightmare as well.
Nice find. We're PoCing Cowork and I've personally been impressed with it so far, but it seems we'll have to wait with a wider rollout until Microoft give us more admin feature to turn off what users can do with it.
> Note: Admins have limited oversight of ‘Skills’, as Skills in Copilot Cowork are automatically loaded from a specific path in a user’s OneDrive.
I feel this part is a bit disingenuous. We have full control over the sharepoint containers which house users personal onedrives. We actively scan them and prevent a lot of files from getting in them. That being said, it's still a fair point, because a "skill" could basically be a text file.
I think few people would want to use an ORM for the stuff you use Go for, but there are things like SQLC which can generate a lot of your "dynamic DB magic" without actually being a real dependency. You can set SQLC up to run in a container in a completely isolated environment, and then use the output, but you can frankly also just maintain the SQL which frankly isn't that different than using an ORM once you've set up the automation with ridicilously strict policies.
We use Go for some of our more vital backend parts. We mainly use Python for entirely different reasons, but since we're an energy company it's nice to have a standard library that can do everything without any sort of external dependencies. It's not because we have some sort of "not invented here" fetish, it's because we have to write and maintain a literal fuckton of complaince documents for every external dependency we use and it's already a full time job for just for Python in our information security department.
Maybe it's just Microsoft moving to more model agnostic tech within their copilot. I recently started using Microsoft 365 Copilot because corporate added Cowork which runs on Opus 4.7 which was better than the alternative we have available. Unlike the "real" Claude Code or Cowork this only has access to files in a specific onedrive folder in your personal sharepoint container, so it's much more compliant to things like NIS2.
Technically we're using Copilot and we're playing for it through Microsoft licenses, but it's using Opus 4.7. Even before this, most of our custom agents within m365 copilot were one of the GPT models.
Or maybe you're right and they want their developers to use the copilot models.
I really dislike that I can't customize it with permanent config files, similar to how I can configure a regular GPT model agen. I guess it's probably because it's in the fancy word they use for "beta".
I haven't really used any other Copilot product in a while since they were so bad compared to our other corporate options, but I'm rather impressed with Cowork inside it. Exactly because we can actually use it without breaking any EU laws.
Around here C# is only really used at stagnant middle sized companies with horrible code bases. The sort where the company follow Uncle Bob religiously, while completely misunderstanding everything Uncle Bob ever said. Doesn't mean the language (and it's runtime) can't be good.
The examples in Clean Code show that Uncle Bob himself misunderstood heuristics as strict rules that are to be taken to the extreme. There's nothing to not misunderstand.
Yes, many people instinctively stay away from anything microsoft (except github, typescript and npm). But the stack is solid. I’m always reminded of Stack Overflow and how they built on asp.net and like 7 servers and it scaled very well for years.
Everyone has what they like and what they’re familiar with, and for better or worse, especially for startups it’s rarely .net. But I couldn’t imagine e.g. using js instead on the back end, but that’s just me.
I'm Danish so maybe that's part of it, but if I'm looking for something like kid's lunch boxes that aren't essentially from Temu resale sites I was already using LLM chat clients to find it.
I can search for google and find nothing, or I can use a non-login on chatgpt and get several options. It found me some French made lunchboxes that are being made by a car company (I think it was renault but I honestly can't remember) while every result on google was basically temu resales by "companies" that were basically registered to some private adress here in Denmark. I guess I'm an early adopter, and I'm sure LLM's will be ruined by advertising and hidden algorithms, but right now, I really don't see the point of traditional search engines.
LLM search will be ruined the exactly same way, just faster. Google search used to be good, until the company concluded they will earn more money by making it crap. Then it took some time for it to get worst, bit by bit.
With LLM, the same company will learn from previous experience and make it worst faster. It is exactly the same company, making exactly the same product (search), with exactly the same management and being subject of exactly the same market forces.
The result will be exactly the same, they will just get there faster.
I doubt it'll be ruined the same way. It's already got features traditional search engines never really did for us in Europe. Every search engine will assume that I want to buy things from websites that are either in Danish or in English and even if I try to configure something like Google to understand that I'd rather buy from Germany or France than the UK it just doesn't seem to get it. With LLM's I can search for shops on all sorts of EU websites, which comes in rather handy when you're buying vintage blood bowl things since there are a lot of local "ebays" in Spain, Italy and similar that I'd never find without them.
I have no doubt that Renault could pay ChatGPT to get it to recommend people buying lunch boxes. For all I know there might be a bunch of eco friendly "European produced" lunch boxes with compartments and the LLM recommended me the three which fit the needs I described because those companies paid for it. I didn't find any of them on Google though, that was all Temu resales.
Maybe a couple of years ago, but these days, Opus 4.8 is frankly writing better software than what I've seen over the previous decades in non-tech enterprise. These previous two months, we've replaced so much technical debt we've been dragging along for the previous 5 years as our team went from 25 to 3 people.
This is in non-tech enterprise in Denmark and AI had absolutely no impact on us going from 25 to 3. That was all Putin and bad business decisions on the c-levels. Like keeping flexible loans to fund projects on the books when the interests rates were 0.01% because they might go to 0.001%. Anyway, I'm getting to the point where the AI does 100% of the work, but only if it's piloted by people who know what security, resource consumption and compliance is. The code itself is excellent though.
reply