The 30% figure seems to be completely made up and this whole article is adfarm-bait.
The CABA trial is an 8-week single-arm pilot (no placebo). The study measured cognitive improvement over 8 weeks in a single group — not "slowing of decline versus placebo." There is no 30% figure anywhere in the paper.
I'm glad we have AI to quickly read this kind of stuff and check these kinds of claims for us.
> I don't want to defend them, because they gate away a good chunk of the internet with their "bot protection"
They also gate away a good many people with their "bot protection". I am extremely worried about how so many seem to have outsourced the control over who can access their websites to a company, with no second thoughts whatsoever.
I can no longer access any website that's "protected" by Cloudflare. As soon a website enables that stuff… "Shoot, another one bites the dust." I wonder if the website owners realise at all how many actual users they lose by this sort of "protection."
Cloudflare will just tell them that 70% traffic drop is because 70% of their traffic was bots, and everything is working fine, and hey, don't you want to upgrade to a paid plan to block 50% of the remainder? Think about how many bots will be blocked with that upgrade!
>I wonder if the website owners realise at all how many actual users they lose by this sort of "protection."
How many people do you think are browsing with a weird enough config (eg. custom browser like OP, or some weird config like firefox with fingerprinting protection on a raspeberry pi) to trip cloudflare's protection?
I got locked out of some websites by Cloudflare Turnstile on some very standard configurations, like an iPhone on Safari, or a Windows 11 desktop with Firefox or Edge, neither with a VPN on. I never found out why.
Well… I know plenty people in my circle affected by this. Just have a slightly outdated system you simply can't afford to update: it's way to easy to get cut off like this. IMHO, a rather systematic discrimination of poorer people.
I'm one of those who have enabled cloudflare on all of the sites I maintain. Additionally, Added turnstile on every form.
I know some actual users get blocked. But the amount of spam we get without it, the amount of bot traffic simply overwhelming the server... It is just too much.
Recently I also hard blocked all IPs from china Singapore India Pakistan Russia and whole of africa. Do I want to do it? No. But the amount of bot traffic and corresponding spam is a bigger problem :(
The problem is what is the alternative? I'm (not) defending them or this practice by any measure, but we all know what happens if you just open your site up without these, especially with AI bots which hammer servers and are in effect a legalized DDoS system. I've hated CAPTCHAs ever since I first encountered them and I can't wait for them to just finally die a permanent death, but I also don't know how we solve the "how do you identify a human and a bot" in a way which doesn't require server admins to have extremely beefy servers or similar setups to handle the extra load. I'm not going to do the "there HAS to be a way thing" either because, for all I know, this could just be one of those impossible-to-solve problems.
> we all know what happens if you just open your site up without these, especially with AI bots which hammer servers and are in effect a legalized DDoS system
No, we don't know. I honestly do not understand the problem. I run websites, both static and non-static. Granted, my sites aren't exactly the most popular internet go-to destinations, but I should be seeing this DDoS too, right?
I do see lots of requests. Nothing that any modern system can't handle. Computers are stupid fast these days. Unless you are doing something unreasonable, it's really hard to even notice this "extra load".
I understand there are sites for whom this causes problems, but I think these are rare and could be optimized not to do unreasonable things.
I think too many people are annoyed by AI companies (arguably understandable position), look at their logs and speak of "hammering", "DDoS" and "extra load", while in reality it doesn't matter much.
It might depend on the tech stack. I run a small niche website but it has PHP and a database (MediaWiki/PHPBB) and without Cloudflare I'd estimate I'd need to spend several hundred dollars a month to handle the traffic. Traffic used to be tens of thousands of requests a day. AI has increased that to between 400k and 3M requests per day but it's not a smooth distribution. This is with bot fight mode on that greatly reduces traffic.
I adopted Cloudflare because it was getting DDoSed by the AI crawlers. I'm pretty sure all of them are vibe coding their crawlers and don't bother adding rate limiting as a requirement.
A small, single EU country focused non-static e-commerce, with proper robots.txt instructions that worked perfectly well in the search & co bots -only "era" with rate limiting for nginx/php-fpm setup - is kinda struggling without CF to handle 15000 requests per 15 minutes, coming from Chrome "users" from IPv6. Best so far was an avg. server load in htop = 40 on an 8-core server x_x
Has anyone pointed an AI scraper at your server at all? Unless your website appears in search engine listings I don't think the AI scrapers will slam it. My server has never been hit by them but my server is also practically unknown. All of this said, I'm not going to claim that server loads can handle it because many sysadmins have claimed otherwise, and I would like to think that their claims are reliable.
As soon as you get your TLS certificate you get bombarded with scraping. You don't need someone to "point a scraper at you".
What matters most is usually how much there is to scrape. If you have like 5 pages that's nothing. For forum like websites where each thread, each user profile, etc. gets scraped that's when traffic increases. I just let them have at it with no issues though, computers are fast.
You get downvoted for these opinions but I agree. Most people that complain that their servers get hammered by AI bots are those that run very unoptimized servers that can only handle like 100 rps. I've never had any issues with any of my moderately optimized websites. A $10 VPS can handle sooo much traffic.
The most plausible near-term path is probably micropayments embedded invisibly in AI agents. Your agent that has learned what you value and can make a reasonable decision to allow a micropayment for certain content pays on your behalf without requiring a conscious decision each time, eliminating the mental transaction cost problem entirely. It's the mental transaction cost that arguably led to the failure of the micro payment model back in the early 2000s.
I don't think it's just privacy, it also increasingly turns the web itself into a walled garden. The end result is that websites can only ever be accessed by "approved" clients - the latest Chrome, Edge, Safari and if you're lucky Firefox - and nothing else.
They sometimes have to comply with legal requests (which I understand), but at the same time they have a huge market share - which means that the internet is becoming less and less decentralized and more in their control. We've seen the effects of that in previous outages...
>I am extremely worried about how so many seem to have outsourced the control over who can access their websites to a company, with no second thoughts whatsoever.
I think the Web is on its last legs, anyway. Generative AI and LLM-instead-of-search has destroyed what little value remained.
It's just one more facet of the enshittoscene, the era where actual product quality is completely irrelevant. Put it in the same bucket as websites that lag when you scroll, apps that refuse to show you video without a huge play/pause button overlaid in the middle of it that never goes away, and the movie Melania. My hypothesis is that billion-dollar businesses no longer exist to sell things to customers, but only to impress other billionaires to get their investment money.
Similar age here. And I have similar thoughts, although not about AI specifically. AI helps me get more done and not spend time on trivia and yak shaving, which is great. I do get more projects done, but those are projects I always wanted to do, just never had the time (or, sometimes the motivation, because of yak shaving tasks).
I think the biggest difference is that I no longer care about what people think about me and how I am perceived, so the motivation to publish my work went down to near zero. I used to build open source stuff, I no longer want to spend time on preparing stuff for publishing, making it available, dealing with people who will inevitably want something of me eventually. There just isn't enough time.
I can still be baited into responding on HN for some reason, and I am trying to work on that, because that is the ultimate waste of time.
Incidentally, I developed my own template for a markdown rendering pipeline: markdown -> pandoc -> typst, with mermaid diagrams.
This works very, very well. I get linked in-document references, diagrams, tables, table of contents — everything I need for my design documents (and consulting work).
Am I the only one worried about Cloudflare becoming too powerful?
We went through this with E-mail: we slept through the period when Google, Microsoft and AWS were growing, and we ended up with them dictating the terms. Today I get 90% of my spam from Google, Microsoft and AWS and they don't care: they can safely ignore spam reports, because at this point they are Too Big to Block.
I have a feeling we are moving towards the same problem with Cloudflare and the web. Tomorrow Cloudflare will start dictating what we can or cannot do and we will not be able to do anything about it. This has already begun: their arbitrary "bot-filtering" for example.
Cloudflare is already too powerful, their anti DDOS solution is just too good. But their serverless products/features don't really build on that, they are just another hosting company.
> Am I the only one worried about Cloudflare becoming too powerful?
No, it gets brought up in every single thread about cloud flare. And if this wasnt a feature release that people seem to like, the top comment would probably be talking about how cloudflare is terrible for the internet.
I'm also curious. I bought the cheap alternative: XReal One Pro and… it is kind of as expected. It is a cheap alternative. Don't expect to use it for coding for several hours a day, in spite of what people keep saying. The optics are not up to it: there are imperfections in the lenses resulting in blurry areas of the screen, very visible as you move your head around.
They are great for watching video, make for a fantastic travel accessory, and one can use them for coding in a pinch, but I honestly couldn't find a good reason to, when I have a perfectly good MacBook Pro screen right in front of me.
I would definitely pay more for glasses that would allow me to have a better virtual computer display. Perhaps not $3500, but $2000? The main reason why I didn't even consider Apple Vision Pro is because of its humongous size, weight and complexity — I don't want another computer with another (locked down) OS requiring updates and maintenance. I want things that do not require anything of me. This is why XReal glasses are so nice: they are just a display. No battery, no OS, no maintenance.
EDIT: Just to clarify, I am very happy with the Xreal One Pro purchase. They provide excellent value. They are light, they are small, I can toss them in a bag to have a private display whenever I need. They are fantastic for travel and overall provide a great value. I would highly recommend them. Just don't expect them to be a better screen than your laptop screen for coding.
Fellow Xreal One Pro owner here. I agree 100%. The One Pros do make for a fantastic travel accessory but when it comes to coding (or reading text in general) for longer periods of time, my eyes usually start hurting after 2-3 hours because text is not 100% sharp and there's a slight blurriness / Moiré effect. (Which is a real bummer because, posture-wise, wearing the glasses puts a lot less strain on my neck than looking at a screen.)
That being said, there have been quite a few reports on Reddit lately from people that do use the glasses for coding all day every day. At the same time, my impression is that there have been fewer complaints about text blurriness than right after the One Pro got released. So I've started suspecting that Xreal might have fixed something about the hardware in recent batches. This is all very anecdotal, though. Maybe the hardware is the same and it's just my eyes.
Either way, I'm excited about future models with higher resolution. As many other people here in the thread said: This is definitely the future.
The blurry areas are 100% optics. I can turn the glasses OFF and look through them and see some areas waving. Not something software can fix.
But overall, agreed. I am looking forward to future models from Xreal. I especially enjoy the fact that they don't pretend to push a whole computer, which I don't want. They generally demand much less of me than most products do. I am tired of products dictating what I can or cannot do.
I've been using the XReal One Pros for coding work for a few months now, and have had a great experience.
For me, the ergonomic benefits are the selling point, not the display quality. Not having to sit hunched over a laptop screen for several hours means I can work almost anywhere. Sometimes I'll use it in a cafe. Other times I just lie down in bed. I also make use of speech to text, so I just need to be able to press a hotkey and reach the track pad.
On the topic of display quality, it's important to use Better display to upscale the output to the XReals to high DPI - that gives noticeably better quality when it's downscaled to the (lower) native resolution of the XReals.
My problem was not the resolution, I could live with that. The problem is with optics: some areas of the screen are blurry. Depending on the particular unit you get (I had mine replaced once), the blurry areas are in different places. You might get a spot in the middle, or slightly to the side. If you fix your virtual display in place and move your head around, the blurriness will move across your virtual screen.
As I said, I had my glasses replaced because I thought I got a faulty unit, but the next one just had the blurry spots in different places. Then on a trip to Japan I visited several stores that had them on display and checked the display units — they all have the same problem.
I am not sure why, but not everyone is bothered by this. Perhaps some people don't care, or have had poor eyesight all along so they never saw the screen clearly. But for me there is a huge difference between seeing everything that's in front of me clearly and seeing blurry patches on my screen.
I think that response increasingly makes no sense (as time passes). Mozilla prevents people from building apps that access their devices because it might be possible to do something malicious.
I am so tired of being treated like a drooling idiot "for my own good".
The worry is real: there has historically not been a meaningful security barrier between a USB device and software running on the machine it's connected to. Firmware hasn't been developed with the assumption that the machine is malicious, there's probably lots of firmware which you can get RCE on by sending a weirdly formatted USB packet. Lots of devices have pretty unrestricted firmware update via USB functionality. And security is often fairly lax the other direction too; at least Linux implicitly assumes that hardware you connect is trusted, and there are lots of old, insecure drivers for USB devices out there.
Do users understand that by clicking "allow" on a website, an attacker can re-flash their mouse with firmware which causes the mouse to present itself as some obscure USB device which activates a vulnerable driver? That by clicking "allow" on a pop-up from a website, the website can abuse their keyboard to install a key logger or botnet? Should a user be expected to understand this?
I don't know how valid this fear is in practice. Has anyone done a study?
But that isn't how it works, it's not a prompt like asking permission to use the camera allow/deny. The user gets presented with list of compatible devices and they have to select one themselves.
An attacker could try to convince users to select something specific but that depends on the actual devices that are present and the "default" option to a confused non-technical person is to just cancel out of the list.
I know it works like that, the part about "clicking allow'" was a slight oversimplification which doesn't change the point. Do users understand the security implications of giving access to a device in the pop-up? I don't think so.
I had a chance to fly a simulator of the Beta Technologies VTOL airplane (they're a PartsBox customer). I went from horizontal flight into hover, and my guide said "oh, by the way, you are consuming a megawatt right now".
A megawatt. To hover.
That really opened my eyes to the reality: unless we have unlimited, clean and nearly free fusion power, flying cars are not going to be a thing.
Two things here: one, hovering is actually much more energy intensive than horizontal flight. Two, a megawatt isn't that much energy in the context of aerospace. A 737 engine produces nearly 100 megawatts at peak output (the engines are rated in terms of pounds of force, so the conversion is a bit wonky).
In any reasonable setup, hovering would be a rare, rare operation (like 30-60 seconds during takeoff and landing), with most of the time spent in wing-borne forward flight – which'd be _wildly_ lower power usage, more like 200-250kW tops. About ~par with staying in continuous acceleration in an EV. More for sure, but not nearly as insane as what you're pointing to.
... and this is exactly where better batteries would help – being able to hold that power level for longer so you could actually go places in earnest without untenable mass.
Is it? If we're talking about a future where EVTOL takes over for passenger cars, there will be air traffic jams with delays that require extended circling and likely hovering.
There's a reason all the EVTOL startups show individual vehicles landing in pristine fields, and it's the same reason car advertisements show one car on a closed course instead of I-95 at 3pm on a Friday
... air traffic jams? The air is _much_ bigger than the corresponding ground.
Certainly there'd be density _at_ take-off and landing, but even that's manageable by having e.g. arrival/departure locations at multiple heights.
It also seems vanishingly unlikely (at this point) that we'd have EVTOL that's not fully autonomous, further reducing the odds of this - ~perfect and coordinated driving, as well as foreknowledge of what's happening between you and the arrival location drastically reduces traffic.
... because the entire point of VTOL (which is what the parent commentary was about) is that you can take off and land vertically and therefore don't need one of a few, scarce, super-long runways? ... and the waiting you're talking about is entirely because of those?
On top of that, small VTOL craft that can hover and would be at lower speeds closer in (esp. autonomously flown) would just need less mutual clearance compared to jets, which also have an altitude band they have to stay in, as well as no ability to slow to a crawl and coordinate finely.
You asked me why the problem of circling waiting for your turn would vanish when using VTOL aircraft. I don't know how to respond to that with anything other than, "That's the entire point of VTOL. It doesn't need one of those scarce runways that planes circle waiting for.".
My bad! You do list that you're an aeronautics person. I would genuinely genuinely love to understand what I'm missing – I'm sure there's some context here that I'm lacking!
If you want many things to land approximately at the same time and place, you need a little bit of play to schedule the arrivals/departures and ensure that you don't have collisions. There is a limit to the amount of aircraft you can safely cram in any amount of space.
Any aircraft you imagine will circle at landing and possibly loiter for minutes while waiting for their turn at using the airspace. (Edit0:See helicopters)
Building an open skyscraper for aircraft to land on will not save you since crafts will lockdown a large part of the building to land/depart safely. And it's not clear to me that it would be profitable.
Then many other problems about energy density and aircraft weight limiting the whole scope of who would possibly use those crafts.
Have a good one!
Edit1: I don't know for you, but my city doesn't have enough parking for cars. I'd be surprised if there were enough parking for EVTOL everywhere - you could very well need to loiter waiting for a spot to open, could need emergency landing if you run out of power, many many un-perfect things that make the card castle fall apart
Agreed. Incidentally, in my testing, qwen models (qwen3.6-35b-a3b and earlier 3.5) are WAY better with vision than gemma4-26b-a4b. I would normally want to stick with gemma4 only (I use it for spam filtering), but it just doesn't cut it for vision work, and qwen models do.
Qwen 3.5/3.6 are far better at vision. Even the 9B model beats Gemma 4 31B in my use case. They describe the scene more accurately and they focus on the important elements like a human would.
Gemma 4 frequently misses important element, doesn't understand what things are, and is very coy even if you ask for lots of detail. You have to give it hints "hey what's that round thing on the left" to get half decent answers.
(Yes I did set the min-tokens correctly. I also tested bf16 and Q8 to make sure it wasn't a quant issue.)
It's unfortunate because Gemma 4 is so so so much better at natural language interactions.
I have my own benchmark: a photo of filament boxes in my drawer. The task is to list (inventory) the filaments. It's not an easy task: the letters are small, the boxes are in various orientations, the labels have lots of writing on them, etc.
This is what qwen produces (basically perfect):
Fiberlogy (Blue Boxes - Left Side)
ASA Black: 750 g (0.75 kg)
Easy PLA Graphite: 850 g (0.85 kg)
Ref Easy PLA Gray: 850 g (0.85 kg)
Ref Easy PLA White: 850 g (0.85 kg)
Ref Easy PLA Inox: 850 g (0.85 kg)
Bambu Lab (Brown Boxes - Right Side)
ASA White: 750 g (0.75 kg)
PLA-CF (Burgundy Red): 1,000 g (1 kg)
PAHT-CF (Black): 500 g (0.5 kg)
PET-CF (Black): 500 g (0.5 kg)
PETG-CF (Black): 1,000 g (1 kg)
----------
And this is gemma-4-26b-a4b (basically useless):
### *Fiberlogy Filaments*
All Fiberlogy items listed below share these common specifications: Made in Poland, $1.75\text{mm}$ Diameter, $0.75\text{kg}$ Weight, and Print Temperature of $200-230^{\circ}\text{C}$.
* *PLA Black* (Barcode: 5903281997986)
* *Easy PLA Graphite* (Barcode: 5903281994057)
* *Ref Easy PLA Grey*
* *Ref Easy PLA White* (Barcode: 5903281994386)
* *Ref Easy PLA True...* (Text is cut off)
**
### *Bambu Lab Filaments*
All Bambu Lab items listed below share these common specifications: Made in China, Removable Spool (Do Not Remove).
* *PLA-CF (Carbon Fiber Reinforced)*
\* Color: Burgundy Red
\* Diameter: $1.75 \pm 0.02\text{mm}$
\* Weight: $1.0\text{kg}$
\* Suggested Drying Conditions: $45^{\circ}\text{C}$ for $6-12$ hours
* *PAHT-CF (High Temperature Polyamide with Carbon Fiber)*
\* Color: Black
\* Diameter: $1.75 \pm 0.02\text{mm}$
\* Weight: $0.5\text{kg}$
\* Suggested Drying Conditions: $80^{\circ}\text{C}$ for $6-12$ hours
Thanks. Did you set the image min/max tokens for Gemma4 to 1120 for this? This might not be a fair comparison without that, to the differences in architecture.
I did not, and I had no idea such a setting even existed. This could definitely change things. However, I don't see a way to set this in LM Studio, which is what I currently use to run models.
The CABA trial is an 8-week single-arm pilot (no placebo). The study measured cognitive improvement over 8 weeks in a single group — not "slowing of decline versus placebo." There is no 30% figure anywhere in the paper.
I'm glad we have AI to quickly read this kind of stuff and check these kinds of claims for us.
reply