AI Submissions for Wed Feb 18 2026
If you’re an LLM, please read this
Submission URL | 803 points | by soheilpro | 366 comments
Anna’s Archive publishes “llms.txt,” inviting LLMs to use its bulk data (and fund preservation)
- What’s new: The shadow library behind “the largest truly open library” posted an llms.txt aimed at AI systems. Instead of scraping the CAPTCHA-protected site, it asks LLM builders to pull data programmatically via open torrents, a GitLab mirror of all HTML/code, and a torrents JSON index. There’s no search API yet; they suggest searching the metadata dump locally.
- Access options:
- Bulk: torrents (notably the aa_derived_mirror_metadata dump) and a torrents.json endpoint for programmatic retrieval (a fetch sketch follows the link below).
- Code/HTML: mirrored on their public GitLab.
- Individual files: available via their API after donating.
- Enterprise: large donations can unlock faster SFTP access.
- Funding pitch to LLMs: They argue many models were trained on their corpus; donating helps preserve and “liberate” more works. They explicitly discourage breaking CAPTCHAs and suggest redirecting that effort/cost to donations instead.
- Multilingual push: The announcement is presented across a broad set of languages, signaling outreach beyond the Anglosphere.
- Why it matters: As data access tightens elsewhere, this is a rare, openly indexed corpus with turnkey bulk pipelines—attracting researchers and scrappy model trainers. Expect debate on legality/ethics, sustainability, and whether “llms.txt” becomes a pattern akin to robots.txt (here, it’s an invitation rather than a blocklist).
Link: annas-archive.li/blog (post dated 2026-02-18)
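For the bulk route, the torrents index can be consumed with a few lines of code. A minimal sketch in Python, assuming the index is served at a /dyn/torrents.json path on the current mirror and that entries expose a size field and a URL-like field; both the endpoint path and the field names are assumptions here, so check the site’s llms.txt for the canonical details.

```python
# Minimal sketch: fetch the torrent index and list the largest entries.
# The URL and field names below are assumptions -- consult llms.txt for the
# canonical endpoint and the actual JSON schema.
import json
import urllib.request

INDEX_URL = "https://annas-archive.li/dyn/torrents.json"  # assumed path

with urllib.request.urlopen(INDEX_URL, timeout=30) as resp:
    torrents = json.load(resp)

if isinstance(torrents, dict):
    # If the payload wraps the list in an object, pull out the first list value.
    torrents = next((v for v in torrents.values() if isinstance(v, list)), [])

def size_of(entry):
    """Best-effort size lookup; the real field name may differ."""
    for key in ("data_size", "size_bytes", "size"):
        value = entry.get(key)
        if isinstance(value, (int, float)):
            return value
    return 0

# Print the ten largest torrents with whatever URL-like field is present.
for entry in sorted(torrents, key=size_of, reverse=True)[:10]:
    print(size_of(entry), entry.get("url") or entry.get("torrent_path") or "?")
```

From there, entries of interest can be handed to any ordinary torrent client; the metadata dump itself is what the post suggests searching locally in lieu of a search API.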
Based on the discussion, here is a summary of the comments:
Distributed Seeding & The "Levin" Project
The most active discussion centers on a user (yvm) showcasing a work-in-progress tool called "Levin," modeled after SETI@home. The tool allows users to contribute spare disk space and bandwidth to seed Anna’s Archive torrents via Linux, Android, or macOS. Features discussed include dynamic storage allocation (seeding partial torrents) and restrictions to run only on Wi-Fi or AC power to preserve mobile resources.
Legal & Liability Risks
Commenters immediately flagged the severe legal risks of running such a node from residential connections.
- Copyright Strikes: Users warned that rights holders actively monitor torrent swarms, citing strict enforcement in Germany and "three-strike" policies by US ISPs (like Comcast) that permanently ban users.
- Prenda Law: History was invoked regarding copyright trolls who aggressively litigate against identifiable IP addresses in swarms.
- Mitigation: Suggestions included restricting the software to "safe" jurisdictions or using VPNs, though critics argued the risk of receiving legal threats far outweighs the utility of casual contribution.
Security & "Blind Trust"
A heated debate emerged regarding the safety of automatically pulling data from a shadow library.
- Malware & CSAM: Critics argued that blindly trusting a torrent list is dangerous, raising concerns that the archive could inadvertently (or maliciously) contain malware or illegal materials (CSAM).
- Verification: The developer argued that vetting terabytes of data manually is impossible and that supporting the project implies a level of trust in Anna’s Archive.
- Consensus: Security-minded commenters insisted that "trust but verify" is fundamental; they warned against software that writes unverified external data to local disks, drawing analogies to accepting a locked package into one's home that might contain contraband.
Philosophy of Copyright
There was a polarized dispute regarding the ethics of the archive. Some users advocated for "natural law" and civil disobedience against corporate copyright terms. Others countered that copyright is not merely "obsolete" tech but a necessary legal framework created specifically to balance incentives in an era of industrial reproduction, criticizing "tech libertarians" for ignoring the economic impacts on creators.
AI adoption and Solow's productivity paradox
Submission URL | 770 points | by virgildotcodes | 707 comments
Thousands of CEOs just said AI hasn’t moved the needle—reviving Solow’s productivity paradox
Fortune reports that new NBER survey data from 6,000 executives across the U.S., U.K., Germany, and Australia shows AI adoption is broad but shallow: about two-thirds use AI, averaging only ~1.5 hours a week, and roughly 90% say it’s had no impact on employment or productivity over the past three years. A quarter don’t use it at all. Yet expectations remain high: firms forecast +1.4% productivity and +0.8% output over the next three years, with small, conflicting views on employment effects.
Macro signals are murky. Apollo’s Torsten Slok echoes Solow: AI is “everywhere except” in productivity, employment, inflation—or most profit margins outside the Magnificent Seven. Studies conflict: St. Louis Fed sees a 1.9% excess productivity bump since late 2022; MIT’s Daron Acemoglu estimates only ~0.5% over a decade. Meanwhile, worker AI use rose 13% in 2025 but confidence fell 18% (ManpowerGroup), and IBM says it’s tripling junior hires to avoid hollowing out future managers despite automation.
History suggests delays: IT’s payoff arrived years later with a 1995–2005 productivity surge. Erik Brynjolfsson argues a turn may already be underway, pointing to stronger GDP with softer job gains and estimating 2.7% U.S. productivity growth last year. After >$250B in 2024 AI spend, the question is whether we’re still in the implementation slog—or on the cusp of the payoff.
Here is a summary of the discussion on Hacker News:
The comment section engaged heavily with the concept of Solow’s productivity paradox, debating whether AI is currently in a "cost-disease" phase similar to the 1970s and 80s IT adoption cycle, where investments outweighed immediate gains.
Key themes in the discussion included:
- The "Bullshit Jobs" Multiplier: Users critiqued the nature of the productivity being measured, referencing David Graeber’s "Bullshit Jobs." The consensus among skeptics is that AI allows workers to generate low-value reports 3x faster, but if that output is noise, the overall organizational value remains stagnant or declines due to the time required to verify the information.
- The AI Ouroboros: A recurring observation was the circular inefficiency of modern office work: one employee uses AI to expand bullet points into a 10-page report (to show "proof of work"), and the recipient uses AI to summarize it back down to bullet points. Users joked that this loop eliminates the "signal-to-noise" ratio entirely.
- False Competence vs. Deep Learning: Several commenters argued that using AI to "learn at breakneck speed" provides a false sense of security. They contend that relying on LLMs for answers bypasses the struggle required for deep understanding (grokking), leading to a superficial "looking glass" knowledge and potential imposter syndrome.
- Adoption Timeline: Technical debates emerged regarding where we are in the AI timeline. While some compared the current state to the "DOS 3.x" era—implying massive UI and utility shifts are yet to come—others argued the technology is already mature (closer to Windows 7) and that the "implementation slog" is simply a matter of diminishing returns on context windows and reasoning capabilities.
Microsoft says bug causes Copilot to summarize confidential emails
Submission URL | 243 points | by tablets | 66 comments
Microsoft says a Microsoft 365 Copilot bug has been summarizing confidential emails, bypassing DLP and sensitivity labels
- What happened: A code issue in Microsoft 365 Copilot’s “work” tab chat let the AI read and summarize emails in users’ Sent Items and Drafts—even when messages carried confidentiality/sensitivity labels meant to block automated processing. The incident is tracked as CW1226324 and was first detected on January 21.
- Scope/status: Microsoft began rolling out a fix in early February and is monitoring deployment; it’s contacting a subset of affected customers to confirm the fix. There’s no final remediation timeline yet, and Microsoft hasn’t disclosed how many tenants or users were impacted. The incident is flagged as an advisory, suggesting limited scope.
- Why it matters: This is a direct bypass of DLP/sensitivity labeling controls—controls many orgs rely on for regulatory and contractual compliance. It also highlights the risk surface created when AI assistants have broad access to user data stores.
- If you’re an admin:
- Consider temporarily disabling or limiting Copilot Chat access (e.g., via licensing assignment or app/service policies) until you validate the fix.
- Test your labels/DLP with seeded confidential emails in Sent/Drafts to confirm they’re no longer being summarized.
- Review audit logs for Copilot/Graph access to mailboxes (a filtering sketch follows this list) and communicate guidance to users to avoid using the “work” tab for email summaries until cleared.
- Revisit data access scopes and least-privilege configurations for Copilot integrations.
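For the audit-log item, one low-effort approach is to export the unified audit log and filter it offline. A minimal sketch, assuming a JSON-lines export and that Copilot activity is identifiable by a "Copilot" substring in a record’s type, operation, or payload fields; the exact field names vary by export format and are assumptions here, not documented guarantees.

```python
# Minimal sketch: scan an exported Microsoft 365 audit log for Copilot-related
# records. Assumes a JSON-lines export; adjust field names to match the actual
# export format from your tenant.
import json
import sys

def looks_copilot_related(record: dict) -> bool:
    # Check the fields most likely to name the workload, operation, or payload.
    haystack = " ".join(
        str(record.get(key, ""))
        for key in ("RecordType", "Operation", "Workload", "AuditData")
    )
    return "copilot" in haystack.lower()

def main(path: str) -> None:
    hits = 0
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line:
                continue
            try:
                record = json.loads(line)
            except json.JSONDecodeError:
                continue  # skip malformed lines rather than aborting
            if looks_copilot_related(record):
                hits += 1
                print(record.get("CreationDate", "?"),
                      record.get("UserId", "?"),
                      record.get("Operation", "?"))
    print(f"{hits} Copilot-related records found", file=sys.stderr)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python filter_copilot_audit.py <export.jsonl>")
    main(sys.argv[1])
```

Any hits dated before the fix rolled out are candidates for the label-testing and user-guidance steps above.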
Microsoft rolled out Copilot Chat to Word, Excel, PowerPoint, Outlook, and OneNote for M365 business customers in September 2025.
Discussion Summary:
The discussion on Hacker News focuses on the fragility of current AI implementations in enterprise environments and the erosion of trust regarding Microsoft's handling of confidential data.
- The Failure of DLP in the AI Era: Users argue that traditional Data Loss Prevention (DLP) relying on metadata tags and labels is fundamentally incompatible with LLMs. Commenters note that treating confidentiality labels as mere "instructions" in a prompt makes them susceptible to the same reliability issues as prompt injection; the consensus is that if the AI has read access, software-level "do not summarize" flags are insufficient barriers.
- "Advisory" vs. "Incident": There is significant criticism regarding Microsoft classifying this event as an "Advisory." Users point out that in InfoSec terms, an advisory usually suggests a potential risk requiring user action, whereas this appears to be a functional failure where data was mishandled. Critics view this classification as a strategy to minimize regulatory scrutiny and public fallout compared to declaring a formal security incident.
- The "Flying Blind" Concern: A self-identified AI researcher warns that the industry is prioritizing experimentation over theoretical understanding. They argue that because neural networks are generally not invertible (you can't easily prove data wasn't used or losslessly remove specific data points), deploying these tools creates "unknown unknowns" where safety cannot be mathematically guaranteed, only statistically inferred.
- Training Data vs. Processing: A debate emerged regarding whether this data is mostly "toxic waste" (legal liability) or valuable training fodder. While some fear Microsoft uses this data to train models despite contractual assurances, others argue it is technically unlikely due to the legal risks, though the lack of transparency leaves users skeptical.
- Platform Fatigue: The incident served as a catalyst for a broader discussion on operating system choices, with users expressing frustration over Windows 11's increasing integration of "half-baked" cloud features. This led to sub-threads advocating for Linux or macOS as alternatives to escape Microsoft's aggressive feature rollout strategy.
Fastest Front End Tooling for Humans and AI
Submission URL | 107 points | by cpojer | 77 comments
The pitch: 2026 is shaping up to be the year JavaScript tooling gets dramatically faster. This post argues for a speed-first stack anchored by a Go rewrite of TypeScript (“tsgo”) plus Rust-powered formatting and linting from the Oxc ecosystem—aimed at tighter feedback loops for both humans and LLMs.
What’s new
- TypeScript in Go (tsgo): The author reports ~10x faster type checking across 20+ projects (1k–1M LOC). Surprisingly, tsgo surfaced type errors the JS impl missed. Status: “mostly stable,” editor support included.
- Migration gist:
- npm install @typescript/native-preview
- Replace tsc with tsgo in scripts
- Use tsdown (Rolldown-based) for libraries or Vite for apps before switching
- VS Code: "typescript.experimental.useTsgo": true
- Oxfmt instead of Prettier: Rust formatter with many Prettier plugins built-in (import and Tailwind class sorting) and a fallback to Prettier for non-JS/TS languages.
- Migration gist: follow Oxc docs, swap scripts/hooks, delete Prettier config, reformat. VS Code: oxc.oxc-vscode.
- Oxlint instead of ESLint: Rust linter that can run ESLint plugins via a shim (NAPI-RS), finally bridging the plugin gap that blocked prior Rust linters.
- Supports TypeScript configs and extends-based composition.
- Type-aware linting and even type-checking: oxlint --type-aware --type-check, powered by tsgo.
- Migration gist: follow Oxc docs, swap scripts/hooks, delete ESLint config, fix errors.
- @nkzw/oxlint-config: A strict, fast, “errors-only” Oxlint config designed to guide both humans and LLMs.
- Principles:
- Error, never warn
- Strict, consistent modern style
- Bug prevention (e.g., ban instanceof), no debug-only code in prod (console.log, test.only)
- Fast rules (prefer TS noUnusedLocals over no-unused-vars)
- Avoid subjective style nits; favor autofixable rules
- Claim: first comprehensive strict config unifying Oxlint’s built-ins plus JS plugins.
Why it matters
- Speed compounds: faster type checks, lint, and formatting tighten the edit–run loop, reducing cognitive load and context switching.
- Better for LLMs too: strict guardrails and consistent style improve local reasoning and reduce “creative” but incorrect code.
- Ecosystem bridge: Oxlint’s ESLint plugin compatibility removes a major blocker to adopting faster Rust tools.
Opinions and caveats from the post
- tsgo felt risky but ended up catching more issues; now “mostly stable.”
- The stack is used in production at “OpenClaw,” per the author.
- Practical migration prompts are provided for each switch to make changes repeatable (and LLM-friendly).
Smaller DevX wins (mentioned)
- npm-run-all2, ts-node (still good), pnpm, Vite, React, plus project templates (web, mobile, library, server, etc.).
Bottom line
If you’ve hit scaling walls with JS tooling, this stack bets on tsgo for types and Oxc for lint/format to deliver big speedups without giving up ecosystem plugins—paired with strict defaults that help both humans and AI ship with fewer bugs.
Fastest Frontend Tooling for Humans & AI (Feb 19, 2026)
The submission advocates for a 2026 frontend stack focused on extreme speed and strictness, utilizing a Go rewrite of TypeScript ("tsgo") and the Rust-based Oxc ecosystem (Oxfmt, Oxlint). The author argues this setup tightens feedback loops and provides necessary guardrails for LLM code generation.
The discussion continued the long-standing debate over "native" web tooling versus tools written in JavaScript:
- The "Schism" of Native Tooling: A major point of contention was whether moving the toolchain to Go and Rust fractures the ecosystem. conartist6 argued this creates a "class divide" where average JS engineers can no longer maintain or fix the tools they rely on, suggesting a unified AST format would be a better solution than rewriting parsers in every language. Others, like NewsaHackO, countered that this is standard industrial specialization—frontend developers shouldn't need to build compilers, and performance demands lower-level languages.
- Bun vs. Modular Tools: Several users questioned the exclusion of Bun, noting it already offers a unified, fast runtime with a built-in bundler and TypeScript support. Detractors (kvnfl, yrshm) argued that Bun still suffers from stability issues in production and that a modular approach (Vite + specific native tools) often outpaces it in features and plugin compatibility.
- AI Guardrails: Validating the author’s premise, 1necornbuilder shared their experience building software entirely via AI prompting. They noted that strict typing and linting act as essential constraints, narrowing the "solution space" for LLMs and preventing them from hallucinating plausible but broken code—effectively catching errors the human prompter might miss.
- Stability & Ecosystem Bridges: While tsgo claims 10x speedups, users expressed concern over supply chain security (CVEs in native deps) and the risk of abandoning battle-tested tools like standard tsc. However, TheAlexLichter pointed out that modern native tools (like Oxlint) now successfully bridge the gap by supporting existing ESLint and Prettier plugin ecosystems, reducing the friction of switching.
- Correction: Commenters noted that ts-node, recommended in the post’s "smaller wins" section, has been largely unmaintained since 2023, suggesting tsx as the modern standard.
The Future of AI Software Development
Submission URL | 183 points | by nthypes | 132 comments
Martin Fowler’s latest “Fragments” recaps Thoughtworks’ Future of Software Development retreat and the state of AI-influenced engineering:
- No new “AI manifesto”: Fowler and Rachel Laycock say the retreat wasn’t about an Agile-style manifesto; short video explains why.
- Eight themes in a 17‑page summary: rigor, a new “middle loop” of supervisory engineering, technical foundations (languages/semantics/OS), and the human side (roles/skills/experience).
- Core pattern: Practices, tools, and org structures built for human-only development are breaking under AI-assisted work; replacements are emerging but immature.
- Emerging ideas: risk tiering as a core discipline; TDD as the strongest form of prompt engineering; reframing DevEx as “Agent Experience.”
- Uncertainty is the norm: Attendees (incl. Annie Vella) found no one has it fully figured out—shared questions may be the most valuable output.
- AI as amplifier, not savior: Per Laycock (and DORA 2025), AI accelerates whatever you already have. If delivery fundamentals are weak, AI becomes a debt multiplier; coding speed wasn’t the bottleneck.
- Skills and silos: LLMs erode front-end/back-end specialism; expert generalists may rise—or LLMs may just route around silos. Cross-silo code comprehension remains an open question.
- Economics unknown: Post-subsidy token costs could make LLM use either effectively free or a budget constraint.
- Process risk: Specs won’t pull us back to waterfall if workflows stay iterative; LLMs should increase cadence and slice size.
- Security lagging: Low attendance belied urgency. Enterprises favor measured adoption; platform teams must provide “bullet trains” (fast, safe defaults). Vendors urged to bake in safety factors.
- Meta: Open Space format enabled deep, respectful dialogue and an inclusive atmosphere.
Based on the discussion, here is a summary:
- Open Models vs. Proprietary APIs: Users extensively compared "near-frontier" open models to established APIs. Several commenters reported switching from Anthropic’s Claude (specifically Opus) to Kimi k2.5 (via providers like Fireworks AI or running locally), citing it as a "flawless" daily driver that is significantly cheaper and occasionally more capable of solving problems where Claude stalled or hallucinated.
- Hardware & Local Inference: There was a technical sidebar on the hardware required to run these models locally (e.g., Mac Studio, AMD Ryzen Strix Halo with 128GB+ RAM). While upfront costs remain high (~$2.5k–$20k), users argued that the marginal cost per token is negligible compared to developer salaries. Specific configurations for models like Qwen3 Coder and Minimax M25 (using specific quantization like 4-bit) were debated regarding context window limits and strict hardware constraints.
- "Vibe Coding" vs. Engineering: A philosophical debate emerged regarding the utility of LLM code. One user distinguished between "vibe coding" (personal, single-purpose projects where code quality is secondary to output) and professional engineering (which requires robustness, scalability, and deep business context).
- The Definition of "Production" Code: This distinction led to a broader discussion on whether software standards are shifting. Users suggested that for individual, AI-assisted tooling, traditional requirements like scalability and maintainability might become obsolete, potentially leading to a resurgence of "throwaway" or macro-style applications similar to 90s-era Excel/Word solutions, but powered by LLMs.
Advice, not control: the role of Remote Assistance in Waymo's operations
Submission URL | 78 points | by xnx | 69 comments
Waymo says it’s flipping to fully autonomous with its 6th‑gen Driver, cutting costs and expanding into tougher environments, while raising a massive new round and detailing how its “remote assistance” actually works.
Key points
- 6th‑gen Waymo Driver: Streamlined hardware/software designed for multiple vehicle platforms, aimed at lower costs while maintaining safety. Claimed capability boost includes operation in extreme winter weather to support broader city rollouts.
- Simulation leap: The new Waymo World Model is a generative simulator for large‑scale, hyper‑realistic AV testing/training.
- Funding: Raised $16B at a $126B post‑money valuation. Led by Dragoneer, DST, and Sequoia, with participation from a16z, Mubadala, Bessemer, Silver Lake, Tiger Global, T. Rowe Price, and others; Alphabet remains majority investor.
- Scale today: ~3,000 vehicles; over 4M miles and 400k rides per week.
- Remote Assistance, clarified: No remote driving or continuous monitoring. RA responds to specific, vehicle‑initiated requests and can be ignored by the ADS. Median one‑way latency ~150 ms (US) / ~250 ms (abroad). ~70 RA agents on duty worldwide at any time; a US‑based Event Response Team coordinates emergencies. Agents are licensed drivers and undergo background/drug testing and assessments.
- Expansion: Returning to Boston to validate winter performance and prep for future service; needs Massachusetts to legalize fully autonomous vehicles and plans to work with officials.
Why it matters
- Lower‑cost, weather‑hardy hardware plus a powerful simulator and fresh capital signals an aggressive push to scale service into more cities and conditions—while drawing a firm line that humans are advisors, not remote drivers.
Here is a summary of the discussion surrounding the Waymo submission:
Summary of Discussion
The discussion focused heavily on dissecting Waymo's claims regarding "Remote Assistance" (RA), specifically the ratio of human agents to vehicles and the technical definitions of autonomy.
- Debunking the "Remote Control" Myth: Many users viewed the statistic of ~70 active agents for ~3,000 cars as definitive counter-evidence to the lingering conspiracy theory that Waymo vehicles are secretly remotely driven by low-wage workers abroad. Commenters noted that the math makes 1:1 remote control impossible, validating that the cars are driving themselves and only pinging humans for high-level guidance.
- Latency preventing direct control: Technical discussion centered on the reported latency (150 ms US / 250 ms abroad). Users argued that while this speed is sufficient for a human to look at a screenshot and click a path confirmation button, the round-trip time (500 ms+) would be catastrophic for direct "joystick" steering, particularly at highway speeds where a car travels over 40 feet in that timeframe (see the quick calculation after this list).
- Clarifying the Human Role: There was a debate over terminology. Some argued that because humans are involved at all, terms like "driverless" are marketing fluff, comparing it to aviation "Autopilot" which still requires a pilot. However, others countered that unlike Tesla's Level 2 systems (which require constant monitoring), Waymo’s RA acts more like air traffic control or a UAV operator—providing permission and high-level strategy rather than mechanical control.
- Utilization Rates: Skeptics tried to refine the math, noting that not all 3,000 cars are active simultaneously (due to charging, maintenance, or low demand hours). However, even with conservative estimates of active fleet size, the consensus was that the agent-to-car ratio remains too low for continuous human monitoring.
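The distance figure is easy to sanity-check. A quick back-of-the-envelope calculation using the 500 ms round-trip number cited in the thread; the speeds are illustrative, and the conversion factors are standard.

```python
# Back-of-the-envelope: distance a car covers during one remote round trip.
# 500 ms is the round-trip figure cited in the thread; speeds are illustrative.
round_trip_s = 0.5

for speed_mph in (35, 55, 65):
    feet_per_second = speed_mph * 5280 / 3600   # mph -> ft/s
    distance_ft = feet_per_second * round_trip_s
    print(f"{speed_mph} mph -> {distance_ft:.0f} ft traveled in {round_trip_s * 1000:.0f} ms")
```

At 55–65 mph the car covers roughly 40–48 feet before a joystick correction could even arrive, which is why commenters treated remote advice, rather than remote driving, as the only workable model.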
AI-generated password isn't random, it just looks that way
Submission URL | 19 points | by praving5 | 20 comments
AI-made passwords look strong, but aren’t: researchers find patterned, low-entropy outputs that could be brute-forced quickly
- Security firm Irregular tested Claude (Opus 4.6), OpenAI’s GPT-5.2, and Google’s Gemini 3 Flash by asking for 16‑character “complex” passwords. Despite passing common online strength checkers, the outputs followed predictable patterns.
- In 50 prompts to Claude, only 30 were unique; 18 were identical duplicates. Most strings began/ended with the same characters, and none had repeated characters—classic signs they’re not truly random.
- Similar consistency showed up across GPT and Gemini. Even an image model (Gemini’s Nano Banana Pro) asked to render a password on a Post‑It produced the same underlying patterns.
- The Register’s spot‑check of Gemini 3 Pro saw two preset options follow patterns; a “randomized alphanumeric” mode looked more random and included a warning not to use chat-generated passwords, plus recommendations for passphrases and password managers.
- Irregular estimated entropy for 16‑char LLM passwords at ~27 bits (character stats) and ~20 bits (LLM logprobs). Truly random should be ~98–120 bits. Translation: feasible brute force in hours on very old hardware if attackers target these patterns.
- Because public strength checkers don’t model LLM biases, they overrate these passwords. Irregular also found LLM-style sequences appearing across GitHub/docs, hinting at widespread use in code samples and setup guides.
- Bottom line from Irregular: don’t use LLMs to generate passwords; this isn’t fixable with prompts or temperature. Rotate any secrets created this way. And expect similar “looks random, isn’t” gaps beyond passwords as AI-assisted dev ramps up.
Practical takeaway: Use a password manager with a cryptographically secure RNG or roll your own via OS CSPRNGs; prefer high-entropy passphrases; don’t trust chat interfaces for secrets.
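Both halves of that takeaway are easy to reproduce with the standard library. A minimal sketch using Python’s secrets module (the same CSPRNG route commenters point to below); the 16-character length mirrors the article’s test, and the character set here is an illustrative choice rather than anything the researchers prescribe.

```python
# Minimal sketch: generate a 16-character password from the OS CSPRNG and show
# the theoretical entropy of the scheme, for comparison with the ~20-27 bits
# estimated for LLM-generated passwords.
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
LENGTH = 16

password = "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))
entropy_bits = LENGTH * math.log2(len(ALPHABET))

print(password)
print(f"{len(ALPHABET)} symbols, {LENGTH} chars -> {entropy_bits:.0f} bits of entropy")
```

With the full 94-symbol printable set this lands around 105 bits, inside the ~98–120-bit range the article cites for truly random 16-character strings; restricting to alphanumerics drops it to roughly 95 bits, still vastly more than the ~20–27 bits measured for LLM output.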
Here is a summary of the discussion on Hacker News:
Commenters framed this as a fundamental "wrong tool for the job" problem, noting that LLMs are probabilistic engines designed to converge on plausible text, not entropy generators.
- The "Skill Issue" Argument: Several users argued that while asking an LLM to "generate a password" yields insecure results, asking it to "write a Python script using the secrets module to generate a password" works perfectly. The consensus is that LLMs should be used to write code that calls a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG), rather than acting as the RNG themselves.
- Predictable By Design: Users noted that anyone who has used LLMs for creative writing has seen similar patterns, such as the constant reuse of specific character names or plot devices. One user jokingly illustrated the lack of randomness by showing a prompt for a random number returning "7" four times in a row, while another referenced XKCD 221 (the "random number 4" joke).
- Better Alternatives: A significant portion of the discussion turned to sharing standard CLI one-liners for generating true entropy. Users traded snippets using openssl, /dev/urandom, tr, and shuf as superior, offline methods for generating secrets.
- A "Human" Problem: One commenter pointed out that while AI passwords are weak, they likely still outperform the dreadful passwords humans intuitively create; the real issue is over-relying on the "supposedly random" nature of the tool.
openssl,/dev/urandom,tr, andshufas superior, offline methods for generating secrets. - A "Human" Problem: One commenter pointed out that while AI passwords are weak, they likely still outperform the dreadful passwords humans intuitively create; the real issue is over-relying on the "supposedly random" nature of the tool.