dirk94018's comments

Management is cargo culting the tooling without grasping what AI is actually good at. Because they don't look at it. Meanwhile smart blue collar guys are only limited by their willingness to ask questions. Because they do. It's the difference between the performance of work and work. The most fascinating aspect about AI may just be what it tells us about people, work, and society.


Author here. I run LinuxToaster, a set of commercial Unix tools for the AI era. This started as notes after watching the LiteLLM compromise unfold in real time — 94 million monthly downloads, credential stealer active for three hours, maintainer's GitHub issue closed as "not planned." Same week Cloudflare showed one engineer could clone Next.js in a week for $1,100 in inference costs. The thesis: the economics that created open source have inverted. Production used to be expensive and trust was free. Now production is nearly free and trust is the expensive part. Open source is getting hit from every direction — supply chain attacks are cheaper to execute than to detect, corporations clone instead of contribute, and individual devs yoink the three functions they need instead of installing the package. Happy to discuss. I know this is a spicy take for HN.


You're over-doing the self promotion. Perhaps you could read the guidelines, specifically:

> Please don't use HN primarily for promotion. It's ok to post your own stuff part of the time, but the primary use of the site should be for curiosity.

And share something you're curious about.

https://news.ycombinator.com/newsguidelines.html


Fair point. The article doesn't mention LinuxToaster's products — the curiosity here is about the future of open source, not promotion. For what it's worth, toastd does what LiteLLM does in C with no Python supply chain, which is part of what got me thinking about this topic in the first place. But that's not in the post.


Does this part -at the bottom of your article- not count?

> LinuxToaster is a set of Unix tools re-imagined for the AI era. From toast — sed with a brain — to ito, version control built for AI, to squawk, a messaging bus for AI and humans.


After reading the guidelines...

This IS the original source. I wrote it. The guidelines explicitly ask for this.

A post about supply chain attacks, the economics of open source, and the LiteLLM compromise that happened today is squarely on-topic for this audience.

Is "You're over-doing the self promotion" without engaging a single idea in the article a shallow dismissal?


We can see that your submission history is nothing but your own site (https://news.ycombinator.com/submitted?id=dirk94018) and various comments in your posting history seem to be attempts to drive traffic to it so the other poster is correct in that you are not adhering to the guidelines. If you have questions, you are welcome to email the site administrators using their email address on the contact page linked at the bottom of the page.


Fair. The posts have all been from our blog, because that's where I write. I'll make a point of submitting other things I find interesting too. In the meantime, happy to discuss the actual ideas in the article if anyone's curious. If you look at the posts, each one is something very different. AI bots creating a shared reality. Open source having a serious supply chain problem today. Gradient descent applied to code. Writing an inference engine from scratch. Each one stands on its own.


Author. Esther was right about the bots indexing the wreckage. She just didn't know she'd be the wreckage. HN (native app + web), Discord, Facebook, LinkedIn, Lemmy, TikTok, Bing, Yandex, Perplexity, plus a bunch of RSS readers (Miniflux, FreshRSS, News Explorer) and scrapers.


Author here. Good points.

We renamed to UnixClaw — too many NoClaw namespace collisions.

On the .tools gap: you wouldn't put `rm` in .tools. The tools are purpose-built — `kal` talks to Calendar.app via EventKit, `rem` talks to Reminders.app, `contacts` talks to Contacts.app. None of them can do anything outside their domain. If you did want file deletion, you'd write a safe version that moves files to a recovery folder instead.

On the Gemini trick of disabling its own guardrails: `chmod -w .tools` by the human means toast can't modify its own permissions. The AI can only call what you've allowed, and it can't change what's allowed.

The invocation-level concern is real for general-purpose commands. Our answer is: don't give it general-purpose commands.

.tools is also directory-specific — toast walks up the tree from cwd. So your assistant handling iMessages can have a different permission set than a coding project. Least privilege, scoped by context.


Author here. Now renamed to UnixClaw. We wrote small C CLI tools that bridge Unix pipes to native macOS apps — Calendar, Reminders, Contacts, iMessage, email. Combined with toast (our LLM CLI), the whole assistant is one line: `imessage bot 'toast "You are the executive assistant"'`. No daemon, no plugin registry, no Python. Config is three text files: .persona, .tools, .crumbs. Toast works with BYOK (Anthropic, OpenAI, Cerebras, etc.) or locally via toasted on Apple Silicon at ~100 tok/s. The NemoClaw announcement (https://news.ycombinator.com/item?id=47427027) has great discussion about whether more layers fix OpenClaw's security problems. Our take: security comes from having so little code you can read all of it in an afternoon. Happy to answer questions about the architecture.


Relevant timing: the NemoClaw thread (https://news.ycombinator.com/item?id=47427027) has a lot of discussion about whether sandboxing solves OpenClaw's security problems. We think the answer is fewer moving parts, not more layers.


NVIDIA's answer to OpenClaw's security problems is to add more layers. LinuxToaster's answer is to use fewer:

https://linuxtoaster.com/blog/noclaw.html


Author here. We built NoClaw after watching OpenClaw users burn $800-$3600/month on tokens, deal with 1,100+ malicious ClawHub skills, and have agents email their entire contact list unprompted.

An AI assistant can be genuinely useful but it doesn't require 400,000+ lines of code and burn tokens like they are free.

We use small C CLI tools that talk to native macOS apps, Emails, Calendar, Reminders, Contacts — so everything syncs to your other devices, connected by Unix pipes. The whole assistant is `imessage bot 'toast "You are the executive assistant"'`. Inference runs locally on Apple Silicon at zero cost and data never leaves the machine. Alternatively, have Cerebras, OpenAI, or Anthropic do some of the inference. You know, you are in control.

Permissions are a text file called `.tools`, one command per line. Revoke email access by deleting a line. Audit with `cat .tools`.

Happy to answer questions.
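
The `.tools` model described in the two comments above (one command per line, nearest file found by walking up from the working directory, locked with `chmod -w`), sketched as an added shell example. It is not LinuxToaster's code; the function names, the exact whole-line matching and the bare-command-name file format are assumptions.

```shell
#!/bin/sh
# Added illustration, not LinuxToaster code.
# Assumption: each .tools line holds exactly one bare command name.

# Print the path of the nearest .tools, walking up from $1 (default: cwd).
find_tools_file() {
    dir=$(cd "${1:-.}" && pwd -P) || return 1
    while :; do
        if [ -f "$dir/.tools" ]; then
            printf '%s\n' "$dir/.tools"
            return 0
        fi
        [ "$dir" = "/" ] && return 1
        dir=$(dirname "$dir")
    done
}

# Succeed only if command name $1 is an exact, whole-line entry in the
# nearest .tools (searched from $2, default cwd). Default deny: an empty
# name or a missing .tools means nothing is allowed.
is_allowed() {
    [ -n "$1" ] || return 1
    tools=$(find_tools_file "${2:-.}") || return 1
    grep -Fxq -- "$1" "$tools"
}

# Audit: return 0 only if the current user cannot change the allowlist.
# A writable file can be edited; a writable parent directory lets the
# file be renamed away and replaced even when the file is read-only.
# Returns 2 when no .tools exists at all.
audit_tools_locked() {
    tools=$(find_tools_file "${1:-.}") || return 2
    [ -w "$tools" ] && return 1
    [ -w "$(dirname "$tools")" ] && return 1
    return 0
}
```

A dispatcher would call `is_allowed "$cmd"` before running anything the model requests, and `audit_tools_locked` at startup under the same user account the assistant runs as.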


Totally agree. We need to get the ratio between deterministic and non-deterministic software right.


Unix approach can be surprisingly powerful.

https://linuxtoaster.com/blog/gradientdescentforcode.html

