> the quality differential versus the competitor is night and day.
This myth about the inferiority of ChatGPT and Codex is becoming a meme.
I have active subscriptions to both. I am throwing at Codex all kinds of data engineering, web development and machine learning problems, have been working on non-tech tasks in the "Karpathy Obsidian Wiki" [1] style before he posted about it.
Not only does Codex crush Claude on cost, it's also significantly better at adherence and overall quality. Claude is there on my Mac, gathering dust, to the point I am thinking of not renewing the sub.
There are plenty of fellow HNers here who feel the same from what I read in the flamewars. I suspect none of us really has a horse in this race and many are half-competent (in other threads, they mention they do things like embedded programming, distributed DL systems, etc.)
I'm starting to suspect a vast majority of people pushing the narrative that Claude is vastly better haven't even tried the 5.3 / 5.4 models and are doing it out of sheer tribalism.
I have access to effectively infinite API tokens for all models from Anthropic as well as OpenAI. The differential in performance in complex tasks is vast and strongly in favor of Opus, in my experience. I do not use the official harnesses for either model, though - as they are not my taste.
Codex is closer to my taste, as it is at least a native app and not typescript slop. But the model is just not up to snuff.
Disagree. I use codex extensively. It just works so well with vscode and python. Claude with ridiculous limits - thanks no. For some even xAI is good fit.
Grok makes sense if you want s.th. less censored that is not biased towards woke ideology.
I don't see how this matters for coding though. I only use it to give me a summary of recent news (so I don't have to actually read the bs newspapers and X posts myself).
That article's premise is that the Android security model is something that I want. It really isn't.
The F-Droid model of having multiple repositories in one app is absolutely perfect because it gives me control (rather than the operating system) over what repositories I decide to add. There is no scenario in which I wish Android to question me on whether I want to install an app from a particular F-Droid repository.
Can you describe the threat model / specific attack under which... any of the supposed flaws on that page matter? (Most of the particular section you've linked appears to be about extra defenses that could be added, but which are unlikely to make a difference in the face of Android's TOFU signature verification on installed APKs.)
The section you linked in particular is a load of editorialized bullshit IMO. As far as I can tell the only legitimate complaint is that there is (or was?) some sort of issue with the signing methodology for both APKs and repository metadata. Specifically they were apparently very slow to replace deprecated methods that had known issues. However it's worth noting that they appear to have been following what were at one point standard practices.
The certificate pinning nonsense is particularly egregious. APT famously doesn't need TLS unless you're concerned about confidentiality. It's the same for any package manager that securely signs everything, and if there's ever a signing vulnerability then relying on TLS certainly might save you but seems extremely risky. On top of that the Android TOFU model means none of this matters in the slightest for already installed apps which is expected to be the case the vast majority of the time.
As far as I'm concerned F-Droid is the best currently available option. That said of course there are places it could improve.
reply