Rendered at 20:27:14 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
repelsteeltje 1 days ago [-]
One could argue that the discussion is once again about tech debt.
Both OpenClaw and MSDOS gaining a lot a traction by taking short cuts, ignoring decades of lessons learned and delivering now what might have been ready next year. MSDOS (or the QDOS predecessor) was meant to run on "cheap" microcomputer hardware and appeal to tinkerers. OpenClaw is supposed to appeal to YOLO / FOMO sentiments.
And of course, neither will be able to evolve to their eventual real-world context. But for some time (much longer than intended), that's where it will be.
Schlagbohrer 1 days ago [-]
It worked to launch the creator into a gig at OpenAI.
Similar YOLO attitude to OpenAI's launch of modern LLMs while Google was still worrying about all the legal and safety implications. The free market does not often reward conservative responsible thinking. That's where government regulation comes in.
skrebbel 1 days ago [-]
> It worked to launch the creator into a gig at OpenAI
The author sold his previous software business and I'm pretty sure would never need to work anymore. I doubt "a gig at OpenAI" was high on his wish list when he started on Clawdbot.
operatingthetan 1 days ago [-]
Then why did he take it?
arrowsmith 24 hours ago [-]
Where's the contradiction? I'm not auditioning to play guitar for Metallica but I'd take the job if they offered it to me.
mghackerlady 1 days ago [-]
I wonder if public perception of LLMs would be better had Google been the one to introduce them after said safety considerations
malfist 1 days ago [-]
"safety considerations" don't matter. The main sticking point with LLMs is that it's a blatant theft of everyone's copyright all while letting the bosses threaten your job. Blatantly stealing to wealth transfer to the ultrawealthy.
johnmaguire 1 days ago [-]
I realized that one of my bigger issues with LLMs is actually that I worry they increase "information entropy" on average. Most tools help me reduce entropy - LLMs seem to increase it, on a global scale.
This is related to my observation that for thousands of years, written text has indicated a human author - this is no longer true, and I think this is going to be very difficult for us to wrap our human brains around fully.
repelsteeltje 1 days ago [-]
Interesting take. Hadn't thought of it in terms of entropy, but it's true. Almost by definition as the training proces doesn't introduce anything novel beyond scraped inputs and a randomly initialized network. From there, the stochastic generation only adds randomness (and the prompt, of course).
epr 1 days ago [-]
Generally I think this is a legitemate issue, although:
> the training process doesn't introduce anything novel
This is not always the case. A compiler, linter, proof checker, tests, etc. can all lower entropy.
khimaros 21 hours ago [-]
there are some scientist and theorists that argue entropy production is the ultimate sign of life (Jeremy England) and consciousness (Robin Carhart-Harris, Tom Froese)
malfist 8 hours ago [-]
I guess my hot tub is sentient then
AlecSchueler 1 days ago [-]
That might be the case from your position. But if you were a woman whose stalker was able to locate your photos with ease and generate deepfakes or emulate your voice to feed his obsession you might think differently. If you were worrying about your kids surviving tomorrow because an AI system might target their school for the next round it bombings then copyright infringement night not be your top concern.
Forgeties79 1 days ago [-]
>after said safety considerations
Tons of people called for common sense regulation/guardrails years ago and were shouted down as "luddites obstructing progress." It's funny to see this discussion coming back around.
abirch 1 days ago [-]
I believe Google held back on doing a loss leader for LLMs because of shareholders. Look at how much Meta squandered on the multiiverse. If Google gave away gemini prior to OpenAI their stock would have been hit.
fragmede 6 hours ago [-]
If Google giving away services for free is a problem to their shareholders, I have some bad news for them about some of Google's other products.
ETH_start 1 days ago [-]
Taking fewer visible risks can increase your total risk. We are already under constant threat from deterioration: aging, depreciation and decay. Entropy is the default. Action is what pushes back against it.
altruios 1 days ago [-]
You do not fight entropy, only move it around, and in so doing, increase it somewhere. It is still worth it to take action. We may find an action to actually reduce entropy eventually, that does not exist yet.
Filligree 1 days ago [-]
I would be perfectly happy moving it off-Earth. We can consider the long term after we have a mid-term.
altruios 24 hours ago [-]
Sometimes I wonder if this is somehow both an answer to the fermi paradox and the increasing expansion rate of the universe. Every alien civ doing exactly this somehow.
classified 1 days ago [-]
> It worked to launch the creator into a gig at OpenAI.
True, but it doesn't scale. No amount of YOLO will let anyone else repeat that feat.
alfiedotwtf 9 hours ago [-]
Let’s not forget that (from what I’ve read) llama.cpp was a weekend YOLO side project and kicked off this whole new industry
charcircuit 1 days ago [-]
Then why does the creator keep complaining that the maintainers he onboards keep getting poached by AI companies. It seems more like it is scaling too well.
GardenLetter27 1 days ago [-]
Conservative thinking isn't responsible.
That's how you end up like Germany still using cash and fax machines for 60+ years.
krior 13 hours ago [-]
I agree that fax machines belong into the past, but cash? I'd like to be able to pay even if the internet/power goes down, thank you very much.
defrost 13 hours ago [-]
Cash will have relevance as long as internet and cloud failures are still an ongoing thing .. both for lovers of privacy and viable fallbacks as required.
which includes figures that show while only 8% of Australian transactions are cash (by some metric, see article) 33% (a third) of the population fully supports keeping cash on.
tomjen3 6 hours ago [-]
And that is fine and I do the same.
In Germany in many places you can only pay with cash.
lazide 22 hours ago [-]
Everyone is starting to get a real good lesson in why cash is important.fax, eh
TeMPOraL 1 days ago [-]
OpenClaw was an inevitability. An obvious idea that predates LLMs. It took this long for models and pricing to catch up. As much as I dislike this term, if there's one clear example of "Product Model Fit", it's OpenClaw - well, except that arguably what made it truly possible was subscription pricing introduced with Claude Code; before, people were extremely conservative with tokens.
But the point is, OpenClaw is just the first that lucked and got viral. If not for it, something equivalent would. Much like LangChain in the early LLM days.
mikeocool 1 days ago [-]
> if there's one clear example of "Product Model Fit", it's OpenClaw
You think so? OpenClaw certainly owned the hype cycle for a while. There was a thread on HN last week where someone asked who was actually using it, and the comments were overwhelmingly "tried it, it was janky and I didn't have a good use case for it, so I turned it off." With a handful of people who seemed to have committed to it and had compelling use cases. Obviously anecdotal, but that has been the trend I've seen on conversations around it lately.
Also, the fact that the most starred repo on GitHub in a matter of a few months raises a few questions for me about what is actually driving that hype cycle. Seems hard to believe that is strictly organic.
pi.dev I'm much more interested in. Closer to the bone, or maybe better said, pi.dev is more like a lego and OpenClaw seems like a big Ninjago set.
I was shocked when I saw the guy behind libgdx was also behind pi.dev. Random tech worlds colliding.
marssaxman 1 days ago [-]
Would you mind explaining what that idea actually is? I don't understand what people are trying to do with this thing, or why they would think that would be a good thing to do, and some of the stories about it sound basically insane, so I must not be grasping the core idea.
tguedes 1 days ago [-]
To me it seems like an LLM-based implementation of automation software like Zapier. The problem with Zapier is you need services to provide APIs and Zapier needs to support those APIs to implement it in the automation workflow.
But because OpenClaw can just use a web browser like a normal user, you don't need all these APIs and there's no theoretical limitations on the services that can be integrated and automated.
Right now there's a lot of issues/bugs. People have more trust in a deterministic solution like Zapier. But maybe the LLMs and OpenClaw will get there eventually, and if it does, I can see how that's a better solution than a deterministic system.
johnmaguire 1 days ago [-]
Plain English automation, including control of external systems. Even better that it exhibits some forms of decision-making autonomy for edge cases.
bravura 1 days ago [-]
It's a handful of useful features that together feel qualitatively different, like you're talking to a real person.
Peritract 10 hours ago [-]
Such things always feel qualitatively different to the people captured by the craze; it doesn't mean there actually is a difference.
neutronicus 1 days ago [-]
It seems like the most fully reified attempt at allowing a person to delegate _all_ of their responsibilities to the Slop Machine.
Which has of course always been the true allure of AI. Do nothing and pretend you did something, when pretending is something you can be bothered to do.
MSDOS and similar single-user OS were not originally designed for networked computers with persistent storage. Different set of constraints.
leonidasrup 1 days ago [-]
OpenClaw, the ultimate example of Facebook's motto "Move Fast and Break Things"
mettamage 1 days ago [-]
Aka a marketing play
This is why we can’t have nice things
saidnooneever 1 days ago [-]
DOS didn't have certain protections because the hardware it targeted did not have those protections. For UNIX on the same machines, they also had no such protections. On 8086 there were no CPU rings, no virtual memory and no other features to help there.
Memory isolation is enforced by the MMU. This is not software.
Maybe you were confused with Linux, which came later, and landed in a soft x32 bed with CPU rings and Page Tables/VirtualMemory. ("Protected Mode", named for that reason...)
That being said, OpenClaw is criminally bad, but as such, fits well in our current AI/LLM ecosystem.
TacticalCoder 1 days ago [-]
> DOS didn't have certain protections because the hardware it targeted did not have those protections. For UNIX on the same machines, they also had no such protections. On 8086 there were no CPU rings, no virtual memory and no other features to help there.
Those arrived with the 386 (286? Don't remember but 386 for sure) and DOS was well alive late into the 386 and even late in the 486 days.
> For UNIX on the same machines, they also had no such protections.
I was already running Linux on my 486 before Windows 95 arrived. Linux and DOS. One had those protections, the other didn't.
NoGravitas 6 hours ago [-]
You could run the 286 in Protected Mode, which offered those features. The problem was that DOS programs needed to run in backwards-compatible Real Mode, and switching between them meant resetting the CPU. You could implement a competent OS for the 286 (Coherent, Minix, Xenix, OS/2 1.x), but it wouldn't be able to run DOS programs - though OS/2 1.x managed to swap between one DOS session and all of its OS/2 sessions.
With the 386, you could run multiple virtualized Real Mode CPUs, which enabled OS/2 2.x to preemptively multitask DOS sessions. Windows 3.x on a 386 or higher could also multitask DOS sessions, just much less reliably.
badc0ffee 1 days ago [-]
I agree that DOS was offered well past when it should have been, but there were alternatives even in the 1980s - Netware, OS/2, commercial UNIX like XENIX and SCO.
organsnyder 1 days ago [-]
Windows 95 was still based on DOS, and didn't offer a lot in the way of isolation or other security features. Win98 and ME were similar. It wasn't until all Windows versions used the NT kernel (XP being the first consumer-focused release) that this changed.
pixl97 1 days ago [-]
I mean, why would Microsoft program said protections into DOS when NT existed by 93?
Simply put there was no putting said protections in to DOS for a few reasons. Backwards compatibility being a huge one. That and memory in most computers was tiny, getting Linux running on most of them would have been difficult.
saidnooneever 23 hours ago [-]
i think his point still holds but yours is true too.
win 3.1 had protected mode. but windows 95 which was dos based did not. 98 i think got protected mode? not 100% sure on that. i know in windows 2000 it was still horrible broken...
23 hours ago [-]
d3Xt3r 21 hours ago [-]
> The sad days of DOS. Any program could peek and poke the kernel, hook interrupts, write anywhere on disk.
Sad? That was the best part of DOS. Some of my fondest computing memories was on DOS - warts and all. Being able to live hexedit your drive and memory to cheat in games, the sheer freedom you got from hacking around the OS is incompatible to modern operating systems - even Linux.
You were in full control of your computer and you decided how it could be used, not some mega corporation or compliance agency.
DOS wasn't sad, it was fun.
Delk 6 hours ago [-]
You could do all of those things on an OS with proper security separation as long as you have full root access.
There's no megacorp stopping you from reading and writing kernel memory. Unless, of course, the computer refuses to run software not signed by the megacorp or some software refuses to run without a digitally signed chain all the way down to the firmware like some game anticheats do.
But that's not really because of things like permission boundaries for processes. You can have those and still be in full control of those boundaries. It may be more convoluted than in a barebones system like DOS, of course.
tehologist 19 hours ago [-]
This was also when most of these machines were not online. Security wasn't as much of a concern.
teach 1 days ago [-]
This isn't especially related to the article, but when I was at university my first assembler class taught the Motorola 680x0 assembly. I didn't own a computer (most people didn't) but my dorm had a single Mac that you could sign up to use so I did some assignments on that.
Problem is, I was just learning and the mac was running System 7. Which, like MS-DOS, lacked memory protection.
So, one backwards test at the end of your loop and you could -- quite easily -- just overwrite system memory with whatever bytes you like.
I must have hard-locked that computer half a dozen times. Power cycle. Wait for it to slowly reboot off the external 20MB SCSI HDD.
Eventually I took to just printing out the code and tracing through it instead of bothering to run it. Once I could get through the code without any obvious mistakes I'd hazard a "real" execution.
To this day, automatic memory management still feels a little luxurious.
pantulis 1 days ago [-]
This weekend I installed Hermes on my computer. My M4 Max Studio started spinning its fans as if it wanted to fly, so I went for some cloud hosted models. The thing works as advertised, but token consumption is through the roof. of course ymmv depending on the LLM you choose.
But my main takeaway is that from the security standpoint this is a ticking bomb. Even under Docker, for these things to be useful there is no going around giving it credentials and permissions that are stored in your computer where they can be accessed by the agent. So, for the time being, I see Telegram, my computer, the LLM router (OpenRouter) and the LLM server as potential attack/exfiltration surfaces. Add to that uncontrolled skills/agents from unknown origins. And to top it off, don't forget that the agent itself can malfunction and, say, remove all your email inboxes by mistake.
Fascinating technology but lacking maturity. One can clearly see why OpenAI hired Clawdbot's creator. The company that manages to build an enterprise-ready platform around this wins the game.
mentalgear 1 days ago [-]
> One can clearly see why OpenAI hired Clawdbot
Hype, mainly buying Hype before their IPO. The project is open source and the thinking behind it is not difficult, if they truly wanted they could have done it a long time ago or even without the guy. It was a pure hype 'acquisition' of a project that become popular for amateur programmers that got into it through vibe-coding and are unaware of the consequences and security exposure they subject themselves at.
btbuildem 1 days ago [-]
They absolutely purchased the hype momentum. It would've been cheaper to copy the project, but it's not about the functionality it provides.
bitmasher9 1 days ago [-]
This is the Siri-brained explanation. The Apple AI assistant has been stagnant for 10 years. Therefore assistants as a whole cannot be good.
This is so clearly the next step from Siri to Alexa to {Openclaw like technology}, that is an interface to technology that loads of people find value in everyday, and loads of people complain doesn’t have enough capabilities.
skybrian 1 days ago [-]
Instead of putting secrets in the same VM as the agent where they could be exfiltrated, they should be in an http proxy outside the sandbox. [1][2]
The credentials-on-device thing is the real blocker for a lot of people. I built atmita.com going the other way: cloud-hosted so nothing lives on your box, OAuth handled on the server, and a safe mode where destructive actions wait for phone approval before they fire. Not based on OpenClaw, built from scratch, so the Docker/token-exfil surface isn't part of the stack.
traderj0e 1 days ago [-]
I'm more interested in the MS-DOS part about this than the OpenClaw part. That thing about reworking OSes from the ground up, it seems like we're overdue for that on the desktop side. Of course people have tried, but each time it was part of making some mobile-desktop Frankenstein UI nobody wanted, not fixing the problem by itself.
Using my Mac or Windows PC, it's very rare that I actually want an app to access files on its own that it didn't create. Like if I write a doc in Word, I'm only going to edit it in Word. I might want to email a copy to someone, but that doesn't mean Mail needs RW access to the original. I might copy a video clip into editing software, but again it doesn't need to touch the original. Programs often need their own dirs for caches, settings, etc, and those don't even need to be read by other programs. It's also annoying how they can write anywhere in ~/ and end up scattering stuff in random places. The iPhone sandboxing system works great for all that, where apps have to explicitly share to others. The Mac file access rules tried to address this but still seem like Swiss cheese while also getting in the way of normal usage, and there's seemingly nothing in Windows or Linux (unless you're going out of your way with jails).
Other APIs besides file are a bigger challenge. That was gated away from the start on iPhones but not on desktop OSes. If they don't find a solution, web and mobile apps are going to keep taking over.
kccqzy 1 days ago [-]
Your worldview aligns very well with what Apple is doing anyways. All you need to do is to use macOS, and only download apps from the Mac App Store (because they are sandboxed). And millions of non-technical Apple users are doing just that. It seems like what you describe is basically already a reality, so why is there a need for a reworking from the ground up?
traderj0e 1 days ago [-]
It's still not like the iPhone sandboxing, it's a bandaid. Many of them genuinely need wide access to function, so just asking for permission doesn't really solve the problem. Like when you open a file in the picker, that's actually granting RW access to the entire dir permanently. On top of fixing the technical side, they need it to feel safe to the user, which right now it doesn't.
Separately, idk if anyone is only installing from the Mac App Store. You can't even get Chrome that way. It's also just bad, like it bothers you about login, then apps get stuck in half-downloaded state.
But yeah if anyone can pull this off, it'd be Apple, seeing how frequently they'll break apps by requiring new APIs.
kccqzy 1 days ago [-]
Well on iOS if you grant an app Files & Folders permission it also has permanent RW access to all your files visible in the Files app. I could use for example Möbius Sync (Syncthing) to sync all my documents from my desktop, then use PDF Viewer to annotate a PDF that was stored in the Möbius sync app. Users want this behavior which is why Apple finally relented and added the Files app and associated APIs. Why wouldn’t users feel safe?
traderj0e 24 hours ago [-]
It's a niche feature that most apps don't need to function. If apps relied on that harder and people were constantly managing important files in there like on a desktop, they probably wouldn't feel safe with the permissions.
I had to look to see what's even in my phone's Files app... looks like WhatsApp saved its received photos in there and I accidentally downloaded a couple of files in Safari. Except I didn't give WhatsApp permission, so idk what the rules are with that.
ieie3366 24 hours ago [-]
All 3 of the big OSes have extreme amounts of business critical code from the 90s and 80s. Code that is complete spaghetti, with no automated tests, no peer reviews, no changes for decades, and written in C of course (objective C in case of apple)
That alone is a reason to start over with a from-scratch mes desktop OS implementation
Microsoft and Apple both have more than enough money to do it. It would be a ~10 year project. It would not make money which is why it’ll never be done.
daotoad 23 hours ago [-]
1. Starting from scratch is rarely a good idea.
2. It always sounds like a better idea than it actually is.
3. Item 2 is true even if you think you've accounted for item 1.
Is there something specific that you want that cannot be implemented reasonably on existing systems?
Unless you have a specific compelling benefit that only a rewrite can grant, focused narrow rewrites are the way.
tjwebbnorfolk 23 hours ago [-]
Ok but if "it has a lot of ugly code" is the best reason to re-invent the OS, then we're not off to a very good start. It needs a purpose that the user can relate to.
traderj0e 24 hours ago [-]
Then again iOS is underpinned by a lot of that same code. I don't know if it needs to be that deep of a rewrite.
ieie3366 11 minutes ago [-]
iOS is something of a ship of Theseus I believe, all the code has already been rewritten over the years, only the core architecture itself is unchanged from the 90s but with a modernized codebase
ryandrake 23 hours ago [-]
> Using my Mac or Windows PC, it's very rare that I actually want an app to access files on its own that it didn't create. Like if I write a doc in Word, I'm only going to edit it in Word. I might want to email a copy to someone, but that doesn't mean Mail needs RW access to the original.
I think this depends on your definition of an app. When I write a text file in vim, I definitely want grep and sed and awk to have access to it. When I edit a source code document with VSCode, I want Python to be able to read and interpret it. To me, the core of computing is documents that are passed along from app to app, gaining value at each step.
traderj0e 23 hours ago [-]
vim, grep, sed, and awk would need to inherit permissions from the shell for this kind of sandboxing to be reasonable there, maybe on account of being child processes. I wouldn't want to sacrifice any usability there, I do everything in CLIs.
20after4 23 hours ago [-]
https://flatpak.org/ does this on Linux and someone else already pointed out, MacOS does this with app store apps. I don't like handing control to Apple so I much prefer the FlatPak solution - you get very detailed and fine grained control over what each app can see and it works fairly seamlessly. It's still a bit technical - but not far from being user friendly even for a less tech savvy user.
com2kid 23 hours ago [-]
Linux has Snap, and Flatpak, and sometimes an app works with one or not the other.
It is the worst of both worlds.
I especially love how flatpak has its own version of graphics drivers, which results in my browser flatpak updating to a version that has a mismatch between my system drivers, flatpak, and the browser.
Too many bloody layers of abstraction.
traderj0e 22 hours ago [-]
But say the Flatpak strategy were adopted fully, would it solve this? I've never noticed the permission difference between using (Snap or Flatpak) vs not, but I need to try it more.
notnullorvoid 23 hours ago [-]
> there's seemingly nothing in Windows or Linux
Linux has flatpak
ymolodtsov 1 days ago [-]
I run OpenClaw on a $4 VPS with read-only access to most of the accounts.
Just this morning I asked it to confirm how exactly our company is paying for a particular service and whether we ever switched to the vendor directly. In about 30s it found all the necessary emails and provided me with a timeline.
It's like your actual asssitant. Now, most of this can be done inside ChatGPT/Claude/Codex now. Their only remaining problem for certain agentic things is being able to run those remotely. You can set up Telegram with Claude Code but it's somehow even more complicated than OpenClaw.
eggy 1 days ago [-]
I ran Minix around 1991 on my Amiga computer. Minix had a smaller attack surface and isolation provided by its microkernel vs. Linux's monolithic kernel. I had the Minix textbook, and it was easier to think about it because of the split along modules. I personally think Minix vs. Linux was very similar to Betamax vs. VHS. Betamax was technically superior, but the market picked VHS. I may run Minix again on my old Lenovo T430u from 2012. I was amazed that some of the code to Minix was in the appendix of the book, sort of like the magazines with pages of code to hand type in games or toy programs. I guess I liked MS-DOS for the same reason: tinkering, from my PEEK and POKE back in my Commodore PET 2001 (1977) and Vic-20 days...
jjmarr 1 days ago [-]
Betamax had better picture quality but only had 1 hour of capacity. VHS had 2 hours. Consumers preferred not having to switch tapes to higher picture quality.
Convenience is a technical advantage. That's why streaming later beat Blu-ray despite a regression in picture quality.
pbhjpbhj 1 days ago [-]
Surely you'd just make the tape/cassette larger? Remember laserdisc?
I remember watching something on Betamax, possibly Star Wars but have no recollection of changing tape. My dad was a teacher and had access to a VT player on my birthday. On other occasions he would bring home a BBC Microcomputer. Quite a treat when we couldn't afford to buy our own TV even.
> Surely you'd just make the tape/cassette larger?
Originally, Betamax increased physical tape length, but cutting tape speed (like how vinyls can play at different RPMs) was a more economical way of cramming more hours onto the same tape by cutting quality.
Both VHS and Betamax went through multiple phases of this. Eventually VHS won by being cheaper.
But this wasn't Sony's strength and VHS was consistently cheaper for longer movies.
CodeWriter23 1 days ago [-]
Was quality even an issue at 480i?
mjg59 1 days ago [-]
Yes - VHS had limited luma bandwidth that was about 50% of broadcast TV, and extremely limited chroma bandwidth (the equivalent of about 40 pixels per line). There's a reason laserdisc existed.
kjs3 1 days ago [-]
Spot on...as I recall, you really couldn't tell the difference between VHS and Betamax unless you had a studio-grade CRT. Well...that's probably unfair...you could tell an difference, but not an enormous difference. It wasn't like going from 480i->1080p; not even to 720i. On our old analog TV there wasn't remotely enough 'wow' to justify the price difference and other limits, so dad took back the BM player and got a VHS.
bsder 23 hours ago [-]
I also seem to remember that Betamax made it far more difficult to get equipment and tapes in order to produce pornography.
That conceded a big chunk of early adopters to VHS.
jjmarr 23 hours ago [-]
I thought this was true for a while, but it seems to be a side effect of Betamax being more expensive in general.
The counterexamples that convinced me were Grok and Steam VR aren't taking significant marketshare from ChatGPT and Oculus despite having better support for adult content.
Originally, I thought this would kill Oculus given that's the most popular use of VR, but nope.
bsder 22 hours ago [-]
Porn tech usage is driven by solving some problem from the previous generation.
Videotape solved the "can't watch film porn at home" problem. Online payments and delivery solved the "need to risk going to the store to buy porn" problem.
What does VR porn solve over just watching standard porn on your monitor/TV?
And because of the resolution limitations, aren't VR headsets actually worse for watching porn than modern 4K monitors?
jjmarr 21 hours ago [-]
It's not immersive/interactive compared to the real thing.
Ironically, AI is solving this better than VR did. Many people are in relationships with AI girlfriends. Not many are in relationships with VR waifus.
bsder 21 hours ago [-]
Well, interactivity was solved by OnlyFans, no? And OnlyFans seems to butcher video quality pretty badly yet it doesn't seem to dissuade people very much.
overfeed 1 days ago [-]
> I may run Minix again on my old Lenovo T430u from 2012.
If your old Lenovo has vPro/Intel AMT - then you already are running Minix.
BirAdam 1 days ago [-]
And, you're running Minix on a 486.
Dwedit 1 days ago [-]
DOS wasn't normally used with a network. No network = far less need for security.
gus_massa 1 days ago [-]
But you were sharing floppy disk all time, it was sneakernetted.
jandrese 1 days ago [-]
And boot sector viruses were a plague in the DOS era, especially for computer labs. It only took one person bringing in an infected disk before the whole thing was a vector for Stoned Empire Monkey or something.
organsnyder 1 days ago [-]
Home computers weren't normally networked, but enterprise computers (such as the Walmart example given) absolutely were.
happyopossum 1 days ago [-]
They weren’t connected to the internet though, and there weren’t state sponsored hackers on the other side of the world that could access them.
icedchai 23 hours ago [-]
Many enterprise computers were connected to phone lines. A few were connected to global X.25 networks like Telenet/Tymnet. Some were even on the early Internet. True, they were unlikely to be DOS systems, but plenty of DOS systems also doubled as terminals.
HoldOnAMinute 1 days ago [-]
People had morals back then... you could trust good people to do the right thing.
Havoc 1 days ago [-]
I seem to recall the dos days being quite virus infested
jandrese 1 days ago [-]
In the DOS era? The "Don't copy that floppy" era?
Froztnova 1 days ago [-]
Ah yes, the moral height of humanity: The 1980s.
thesz 1 days ago [-]
Is it possible to get hacked through US Robotics Courier?..
luxuryballs 22 hours ago [-]
Likewise for OpenClaw if you never give it anything sensitive it can have plenty of network, keep any work backed up and if anything happens you just flash a new drive. The trick with computer security is not putting secrets on the computer to begin with.
jorgeortiz85 1 days ago [-]
Good thing OpenClaw never needs to be used with a network. Oh, wait…
Andrex 1 days ago [-]
Except networkization was inevitable and I'm sure the smart people in the room saw it coming.
GuB-42 1 days ago [-]
For what I remember, networkization with DOS was a PITA so set up. You didn't have a convenient system API with sockets. You had to mess with interrupts, registers, etc... Your app had to be programmed for your specific hardware, and networking looked more like talking to serial ports than anything else.
Remember that DOS is single process, it is not as if you could run a service just like that. You could mess with interrupt handlers, but you had to do the scheduling yourself, and make sure your code is small, because shockingly, 640k may not be enough for everyone.
MS-DOS simply wasn't a good choice for networking, and not just because of the lack of security. In fact, it could turn out to be more secure than modern systems because of the limited attack surface. No crazy framework stacks here, just your code and the network card.
I agree that sandboxing whole agent is inadequate: I am fine sharing my github creds with the gh CLI, but not with the npm. More granular sunboxing and permission is what I'd like to see and this project seems interesting enough to have a closer look.
I am not interested in the "claw" workflow, but if I can use it for a safer "code" environment it is a win for me.
mkesper 1 days ago [-]
When the agent uses your GH credentials to nuke all your projects or put out a lot of crap, this separation will not save you.
nopurpose 1 days ago [-]
whitelisting `gh` args should solve it. Event opencode's primitive permission system allows that.
tredre3 16 hours ago [-]
The ability to whitelist specific args for commands has been the source of several (countless?) sudo CVEs over the years.
stared 1 days ago [-]
I don’t get this OpenClaw hype.
When people vibe-code, usually the goal is to do something.
When I hear people using OpenClaw, usually the goal seems to be… using OpenClaw. At a cost of a Mac Mini, safety (deleting emails or so), and security (litelmm attack).
Someone 1 days ago [-]
In the early 1980’s, what did people use home computers such as Atari’s and Commodore 64’s for? Mostly playing games; nerds also used their computer with the goal seeming to be… using their computer.
It wasn’t (only) that, though; they also learned, so that, when people could afford to buy computers that were really useful, there were people who could write useful programs, administer them, etc.
Same thing with 3D printers a decade or so ago. What did people use them for? Mostly tinkering with hard- and software for days to finally get them to print some teapot or rabbit they didn’t need or another 3D printer.
This _may_ be similar, with OpenClaw-like setups eventually getting really useful and safe enough for mere mortals.
But yes, the risks are way larger than in those cases.
Also, I think there are safer ways to gain the necessary expertise.
projektfu 1 days ago [-]
I used the Commodore 64, and later MS-DOS on an AT, to do typical computer tasks. Word processing, simple programs to automate things, spreadsheets, databases. We had a copy of Enable, a "Works"-like suite. I didn't have income taxes but I knew people who used DOS programs for that. Online things, mostly BBS for me, using Telix or Telemate and some QWK mail reader. BASICA programming. My machine wasn't really powerful enough for Windows and I didn't have a mouse.
My Dad used PC-Scheme a lot, working on his side projects.
Of course, also games.
enoint 1 days ago [-]
Back in the early 80s, some people used home computers as seriously as they used work computers:
- organize follow-up reminders for business calls. Automate a modem-based upload.
- crunch investment options in commodities. Not in an econometric way, but a table listing which analyst said what and which analyst was silent. Automate a modem-based upload.
So, with regard to the article, we can presume the author did claw-like things with DOS. As he aged, now he probably needs to organize many trips to doctors and specialists. Who is doing all that administration for your older folks?
eloisant 1 days ago [-]
The idea is to get a virtual personal assistant. Like Siri or Gemini but with access to all of your accounts, computers, etc. (Well whatever you give it access to). Like having a butler with access to your laptop.
From what I understand, the main appeal isn't the end result, but building that AI personal assistant as a hobby is the appeal.
valeena 1 days ago [-]
With a goal like this I could, at least on paper, find it useful... But I'm curious to see if this goal is really achievable, or if it easily is
Gareth321 1 days ago [-]
That is my goal and I invested a few dozen hours into the endeavour. My honest review is:
1. Something like OpenClaw will change the world.
2. OpenClaw is not yet ready.
The heart of OpenClaw (and the promise) is the autonomy. We can already do a lot with the paid harnesses offered by OpenAI and Anthropic, so the secret sauce here is agents doing stuff for us without us having to babysit them or even ask them.
The problem is that OpenClaw does this is an extreme rudimentary way: with "heartbeats." These are basically cron jobs which execute every five minutes. The cron job executes a list of tasks, which in turn execute other tasks. The architecture is extremely inefficient, heavy in LLM compute, and prone to failure. I could enumerate the thousand ways it can and will fail but it's not important. So the autonomy part of the autonomous assistant works very badly. Many people end up with a series of prescriptive cron jobs and mistakenly call that OpenClaw.
Compounding this is memory. It is extremely primitive. Unfortunately even the most advanced RAG solutions out there are poor. LLMs are powerful due to the calculated weights between parametric knowledge. Referring to non-parametric knowledge is incredibly inefficient. The difference between a wheelchair and a rocket ship. This compounds over time. Each time OpenClaw needs to "think" about anything, it preloads a huge amount of "memories" into the query. Everything from your personal details to architecture to the specific task. Something as simple as "what time is it" can chew through tens of thousands of tokens. Now consider what happens over time as the agent learns more and more about you. Does that all get included in every single query? It eventually fails under its own weight.
There is no elegant solution to this. You can "compress" previous knowledge but this is very lossy and the LLMs do a terrible job of intelligently retaining the right stuff. RAG solutions are testing intelligent routing. One method is an agentic memory feedback loop to seek out knowledge which might exist. The problem is this is circular and mathematically impossible. Does the LLM always attempt to search every memory file in the hope that one of the .md files contains something useful? This is hopelessly slow. Does it try to infer based on weekly/monthly summaries? This has proven extremely error-prone.
At this point I think this will be first solved by OpenAI and/or Anthropic. They'll create a clean vectorised memory solution (likely a light LLM which can train itself in the background on a schedule) and a sustainable heartbeat cadence packaged into their existing apps. Anthropic is clearly taking cues from OpenClaw right now. In a couple of years we might have a competent open source agent solution. By then we might also have decent local LLMs to give us some privacy, because sending all my most intimate info to OpenAI doesn't feel great.
feigewalnuss 1 days ago [-]
Disclosure: I wrote the linked post.
Heartbeat cron and naive memory are the right thread to pull. Agree.
The problem is the data/trust boundary. One agent process, one credential store, all channels sharing both. Whenever we scale the memory up, which we all want to do, we scale the disaster radius of every prompt injection with it.
Wirken accounted for this in the first design step. Per-channel process isolation. Handshakes between adapters and the core. Compile-time type constraints so a Discord adapter cannot construct a Telegram session handle. Encrypted credential vault. Hash-chained audit log of every action. All, remaining model-agnostic, so local models and confidential-compute providers are drop-in.
Your memory point is still unsolved at this layer. When memory does get solved, you want the solver running where it cannot leak the wrong credentials to the wrong channel. Otherwise the smarter it gets, the worse the breach.
zozbot234 1 days ago [-]
> Compounding this is memory. It is extremely primitive. ... Now consider what happens over time as the agent learns more and more about you. Does that all get included in every single query? It eventually fails under its own weight.
Agentic coding has all of the same issues and it gets solved much the same way: give LLMs tool calls to file persistent memories by topic, list what topics are available (possibly with multiple levels of subtopics in turn) and retrieve them into the context when relevant. Not too different from what humans do with zettelkasten and the like.
sonink 1 days ago [-]
Not sure why you think Agentic coding is solved - it isnt imo, and exactly because of the same memory issues.
d0gsg0w00f 1 days ago [-]
I have OC on a VPS. So far it's a way for me to play with non-Claude models and try to get them to get OC under control. So far I'm about $200 all in and OC is still not under control. Every few weeks it goes on an ACP bender and blows my credits in hidden sub-agents for no damn reason. I'm determined to break this horse though, it's like a fun video game with a glitchy end boss.
valeena 1 days ago [-]
For how long have you been using it for it to have consumed $200? For me it sounds like a lot (still a student) but it doesn't seem to be the same for you
d0gsg0w00f 23 hours ago [-]
Two DO droplets (one for claw, one for code deploys because claw refuses to touch itself without exec approval) is about $60/month. Been running those for 6 weeks so only one billing cycle.
Then about $120 in API credits from Anthropic, xAI, openrouter, openAI, and Gemini ( $25 here and there adds up).
Best bang for my buck has been with xAI grok-4.20-beta
valeena 23 hours ago [-]
What do you use it for?
SlinkyOnStairs 1 days ago [-]
The main "sales pitch" appears to be "You can have the computer do things for you without having to learn how to use a computer" (at the cost of now having to learn how to use a massively overcomplicated and fundamentally unreliable system; It's just an illusion of ease of use.)
The thread's linked article is about comparing MS-DOS' security, but the comparison works on another level as well: I remember MS-DOS. When the very idea of the home/office computer was new. When regular people learned how to use these computers.
All this pretension that computers are "hard to use", that LLMs are making the impossible possible, it's all ahistoric nonsense. "It would've taken me months!" no, you would've just had to spend a day or two learning the basics of python.
stared 1 days ago [-]
I was one of those using MS-DOS (still I remember blue Norton Commander). I didn't understand people mocking it later - as it just worked. Enough to run the Prince of Persia, Doom or so. Or edit text files. (As an excuse, I was just ~7 yo back then.)
david_shi 18 hours ago [-]
The real goal is putting coding agent style power into the hands of non-developers who are intimidated by terminals and IDEs.
It's a simple idea, but as a self-taught dev I still remember how foreign these tools first felt.
Havoc 1 days ago [-]
It’s basically a reimagined n8n like low code platform with LLM magic. Digital glue
That’s why there isn’t a coherent use story because like glue the answer is whatever the user needs to glue/get done
azmz 1 days ago [-]
Kind of agree. The people getting real value seem to be using it for actual work (inbox triage, scheduled check-ins, admin loops), not the ones who set it up to play with it. I built atmita.com as a cloud-hosted take on that, built from scratch (not based on OpenClaw), so there's no Mac Mini to babysit, and Safe Mode routes any send or delete through a phone approval before it hits your account.
leonidasrup 1 days ago [-]
OpenClaw, the ultimate arbitrary code execution
classified 1 days ago [-]
Didn't you always want to let everyone else do remote code execution on your computer?
1 days ago [-]
thenthenthen 1 days ago [-]
To me openclaw sounds like a software clickfarm?
piker 1 days ago [-]
Is anyone finding value in these things other than VCs and thought leaders looking for clicks and “picks and shovels” folks? I just personally have zero interest in letting an AI into my comms and see no value there whatsoever. Probably negative.
TheDong 1 days ago [-]
I find some value as kinda a better alexa.
I have it hooked up to my smart home stuff, like my speaker and smart lights and TV, and I've given it various skills to talk to those things.
I can message it "Play my X playlist" or "Give me the gorillaz song I was listening to yesterday"
I can also message it "Download Titanic to my jellyfin server and queue it up", and it'll go straight to the pirate bay.
It having a browser and the ability to run cli tools, and also understand English well enough to know that "Give me some Beatles" means to use its audio skill, means it's a vastly better alexa
It only costs me like $180 a month in API credits (now that they banned using the max plan), so seems okay still.
swiftcoder 1 days ago [-]
> It only costs me like $180 a month in API credits (now that they banned using the max plan), so seems okay still.
I have a hard time imagining how much better Alexa would have to be for me to spend $180/month on it...
miroljub 1 days ago [-]
Just to clarify to people focusing on the $180/month price tag.
OpenClaw is not a CC-only product. You can configure it to use any API endpoint.
Paying $180/month to Anthropic is a personal choice, not a requirement to use OpenClaw.
ThunderSizzle 1 days ago [-]
So that leads to a question: Is there a physical box I could buy that an amortize over 5-7 years to be half the API cost?
In other words, assuming no price increase, 7 years of that pricing is $15k. Is there hardware I could buy for $7k or less that would be able to replace those API calls or alternativr subs entirely?
I've personally been trying to determine if I should buy a new GC on my aging desktop(s), since their graphic cards can't really handle LLMs)
ekidd 1 days ago [-]
You can't realistically replace a frontier coding model on any local hardware that costs less than a nice house, and even then it's not going to be quite as good.
But if you don't need frontier coding abilities, there are several nice models that you can run on a video card with 24GB to 32GB of VRAM. (So a 5090 or a used 3090.) Try Gemma4 and Qwen3.5 with 4-bit quantization from Unsloth, and look at models in the 20B to 35B range. You can try before you buy if you drop $20 on OpenRouter. I have a setup like this that I built for $2500 last year, before things got expensive, and it's a nice little "home lab."
If you want to go bigger than this, you're looking at an RTX 6000 card, or a Mac Studio with 128GB to 512GB of RAM. These are outside your budget. Or you could look at a Mac Minis, DGX Spark or Strix Halo. These let you bigger models much slower, mostly.
ThunderSizzle 1 days ago [-]
Thanks. That is what I suspected. The 3090's in my area seem pretty expensive for a several year old second hand card - they are the same price as a new 5080.
5090 is pretty expensive (~$4000) to justify it over a $10-50 sub. I guess the nice thing is the api side becomes "included", if I ever want to go that route. But if I have a GHCP $40 sub vs a $4000 GC to match it, just on hardware, pay off is at 8 years. If I add in electricity, pay off is probably never.
Sure, the sub can go up in price, but the value proposition for self-running doesn't seem to make sense - especially if I can't at least match Sonnet on GHCP or something like that.
I hope to self-run some not useless LLMs/Agents at some point, but I think this market needs to stabalize first. I just don't like waiting.
happyopossum 1 days ago [-]
> or a Mac Studio with 128GB to 512GB of RAM. These are outside your budget.
M3 ultra with 80GOu cores and 256GB of ram is $7500 - that’s right at the edge of the budget, but it fits.. if you can get an edu discount through a kid or friend you’re even better off!
TheDong 1 days ago [-]
You can buy a roughly $40k gpu (the h100) which will cost $100/mo in electricity on top of that to get about 30-80% the performance of OpenAI or Anthropic frontier models, depending what you're doing.
Over 5 years, that works out to ~$45k vs ~$10k, and during that duration, it's possible better open models will come available making the GPU better, but it's far more likely that the VC-fueled companies advance quicker (since that's been the trend so far).
In other words, the local economics do not work out well at a personal scale at all unless you're _really_ maxing out the GPU at close to 50% literally 24/7, and you're okay accepting worse results.
As long as proprietary models advance as quickly as they are, I think it makes no sense to try and run em locally. You could buy an H100, and suddenly a new model that's too large to run on it could be the state of the art, and suddenly the resale value plummets and it's useless compared to using this new model via APIs or via buying a new $90k GPU with twice the memory or whatever.
vrganj 1 days ago [-]
This feels like it should be state infrastructure, the way roads, railroads and the postal system are.
dsr_ 1 days ago [-]
This feels like a market which hasn't settled into long-term profitability and is being subsidized by investors.
happyopossum 1 days ago [-]
And who is doing the research on this, training the models, and building new frontier models in your version of the world?
TheDong 1 days ago [-]
Note that the (edit: US) postal system is a for-profit system.
Given the trends of the capitalist US government, which constantly cedes more and more power to the private sector, especially google and apple, I assume we'll end up with a state-run model infrastructure as soon as we replace the government with Google, at which point Gemini simply becomes state infrastructure.
fineIllregister 1 days ago [-]
> Note that the (edit: US) postal system is a for-profit system.
That's not correct. If USPS makes more revenue than their expenses for a year, they can't pay it out as profits to anyone.
It's true that USPS is intended to be self-funded, covering it's costs through postage and services sold, and not tax revunue. That doesn't mean there's profit anywhere.
Supermancho 1 days ago [-]
> Note that the (edit: US) postal system is a for-profit system.
Pricing in the US postal system is not based on maximizing profit. Ths US postal system is not a for-profit system, at all. It is a delivery system (more or less) that happened to start turning a profit (2006) until PAEA. After that, the next time it made a profit was 2025.
happyopossum 1 days ago [-]
The USPS is self funding, not for-profit. The difference is both significant and consequential.
vrganj 1 days ago [-]
> Note that the postal system is a for-profit system.
That depends on the country in question :-)
zozbot234 1 days ago [-]
For something like OpenClaw you realistically only need rather slow inference, so use SSD offload as described by adrian_b here: https://news.ycombinator.com/item?id=47832249 Though I'm not sure that the support in the main inference frameworks (and even in the GGUF format itself, at least arguably) is up to the task just yet.
wasfgwp 1 days ago [-]
You can use several times cheaper models than Claude as well, its not like you need anything big to handle all the uses cases listed above
swiftcoder 1 days ago [-]
Yeah, something like MiniMax m2.7 should be perfectly capable for this sort of thing, and is 10-20x cheaper
BirAdam 1 days ago [-]
You can get quite good models running on a Mac Studio, but these will not rival a frontier model.
$3,699.00
M4 Max 16c/40c, 128GB of RAM, 1TB SSD.
LM Studio is free and can act as a LLM server or as a chat interface, and it provides GUI management of your models and such. It's a nice easy and cheap setup.
rcxdude 1 days ago [-]
For something the size of Claude, probably not. But for smaller models, maybe (though they also are much cheaper to buy tokens for)
TheDong 1 days ago [-]
I mean, I'm getting $180/mo worth of fun out of playing with it and figuring out what it can do that it's worth it.
Like, no one bats an eye at all the people paying $100/mo for Hulu + Live TV, or paying $350/mo for virtual pixels in candy crush / pokemon go / whatever, and I'm having at least that much fun in playing with openclaw.
hunter-gatherer 1 days ago [-]
Everyone in my circle would seriously bat an eye at all those numbers. Congrats on making it to the upper class.
LeifCarrotson 1 days ago [-]
In my circle you'd get called out for taking on a $350 car payment much less a mobile game.
whilenot-dev 1 days ago [-]
Just for reference: I pay 8€ for mobile, 40€ for internet and some occasional 5€ for VPNs each month. That's all the digital service subscriptions I'll need to have fun.
MisterTea 1 days ago [-]
I think paying $180/month because you don't want to walk 10 feet to a light switch or forgot the name of a 25 yo Gorillaz song you just heard is absurdly stupid.
pydry 1 days ago [-]
I think quite a lot of people would bat an eyelid at those things.
If any of my friends admitted to spending $350/mo on candy crush i'd think that they'd badly need help for a gambling problem.
nickthegreek 1 days ago [-]
You could be doing for ALOT cheaper using something like minimax m2.7 for subagents. You dont need to be throwing all that cash out the door.
icedchai 1 days ago [-]
What are you using it for, seriously?
The things I want to use it for (like gathering weekly reports across a half dozen brokerage and bank accounts) are not things I'd trust it to do.
vovavili 1 days ago [-]
I do see how a very busy businessman or a venture capitalist would gladly pay 180$/month to offload chores and mundane work from his schedule. That comes down to 6$/month, which probably matches his monthly coffee budget.
ThunderSizzle 1 days ago [-]
Chores, yes. If there was a $180/month where ALL my families chores could be accomplished, I'd consider it.
That means picking up and cleaning the house after 3 kids and a dog. Grocery shopping. Dishes. Laundry. Chores.
Tech crap? Nope.
vovavili 1 days ago [-]
I would imagine that the list of digital chores of a very busy businessman are a bit more extensive. Even in your list, groceries is something that becomes digital once you're high enough in income.
StilesCrisis 1 days ago [-]
My grocery store has offered a pick-up or delivery option ever since COVID. Pick-up actually cost nothing extra. It's been years since we used it so I can't say definitively that it's still free, but the downside wasn't cost: it was the ability to pick the best item. If you let the store choose, you'll get the saddest looking produce every time, and the meat that's set to expire tomorrow.
vovavili 1 days ago [-]
To each his own.
StilesCrisis 1 days ago [-]
Does anyone pick the soggy vegetables and near-expired milk? This isn't really a preference--it's the store choosing what's in their best interest instead of your own.
mh- 1 days ago [-]
We have our groceries delivered every week (sometimes semi-weekly), and have done since 2018 or so. The people who pick the order work for the store, the people who deliver are gig workers.
The only "selection" complaint I regularly have had is the bananas are nearly always very unripe - like several days from being edible. But then I went to the store myself for several weeks and realized they just never have ripe bananas.
In other words, they're doing as well as I could do if I were shopping it myself.
ThunderSizzle 1 days ago [-]
Not really. Groceries have to be planned based on existing pantry state (current manual analysis), and future desired meals. Then produce a delta of what you have and what you want for those different meals.
Then you have a shopping list. You can do the shopping digitally now a days, but once it's delivered, now you have to organize it into the pantry existing stock, probably with a way to ensure older items are used first. This might involve separating out certain ingredients into smaller packaging and freezing some for later use.
That is all very manual, and I don't see how digitizing one part greatly simplifies it, especially if the digitization is error prone.
In a high enough income state, the answer is you hire a personal household chef or something like that. That isn't digitizing the problem- that is outsourcing it.
retired 1 days ago [-]
> It only costs me like $180 a month in API credits
In The Netherlands you can get a live-in au-pair from the Philippines for less than that. She will happily play your Beatles song, download the Titanic movie for you, find your Gorillaz song and even cook and take care of your children.
It's horrible that we have such human exploitation in 2026, but it does put into perspective how much those credits are if you can get a real-life person doing those tasks for less.
quietbritishjim 1 days ago [-]
I'm surprised to read that. Here in the UK, having a live-in au pair doesn't excuse you from paying the minimum wage for all the hours that they're working (approx $2300/month for a 35 hour week). You can deduct an amount to account for the fact that you're providing accomodation but it's strictly limited (approx $400/month).
swiftcoder 1 days ago [-]
The Netherlands has a weird and exploitative setup where you can classify your au pair as a "cultural exchange", and then pay them literal peanuts (room and board plus a token amount of "pocket money")
__alexs 1 days ago [-]
Another weird cultural quirk of the Dutch that will hopefully go the way of Zwarte Piet one day.
retired 1 days ago [-]
From what I can see online, the average compensation that an au-pair in The Netherlands receives is 300 euro per month, with living expenses being covered by the family. There is no minimum wage requirement for au-pairs like in the UK or the US.
aianus 1 days ago [-]
A semi-skilled English-speaking customer service agent in PH makes less than $700 a month to put this into perspective.
Working abroad is a totally reasonable proposition compared to working in the Philippines.
spockz 1 days ago [-]
The added cost of having an additional person to provide room and food for way exceeds that €300/month. Especially, when taking into consideration that you might have to extend/renovate the house to lodge another person. Adding an extra bedroom and possibly bathroom is not cheap.
jjcob 1 days ago [-]
Even if you assume the cost of lodging was 1000€ (which it isn't) then the au-pair would still be significantly underpaid.
A normal full time employee costs at least 2000€ a month (salary, tax, pension plan, health insurance, etc). If you are paying less than that you are definietly exploiting them.
1 days ago [-]
throwthrowuknow 1 days ago [-]
So in reality you’re paying for their food, electricity and heat, letting them rent a room for free, and allowing them the use of the other facilities in your home and on top of that you’re giving them a spending allowance of 300 euro.
swiftcoder 1 days ago [-]
The marginal cost of food/electricity/bed for adding one additional person to a family is drastically less than those things would cost for a person living alone. Whichever way you slice this, the employer is making out like a bandit under this scheme.
balamatom 1 days ago [-]
In fact, you could do this for a homeless person today, in any city on the globe! And never even ask them to do anything for you!
redsocksfan45 1 days ago [-]
[dead]
kombine 1 days ago [-]
We shouldn't have to "import" people from poorer countries to do the mundane tasks we got too lazy to do ourselves.
grosswait 1 days ago [-]
The concept of having this kind of help is totally foreign to me, but with the exception of one, every family I’ve encountered that had an au pair have been two very busy high earning parents, neither of them lazy. I think you could argue that perhaps priorities have been misplaced, but not lazy.
DrewADesign 1 days ago [-]
Surely that’s subsidized?
A lot of people in the Silicon Valley area spend that much ($6/day) on coffee. What they don’t realize is how out of touch they are in thinking makes sense for the rest of the fucking world. $180/mo is about 5% of the median US per capita income. It’s not going to pick your kids up from school, do your taxes, fix your car, or do the dishes. It’s going to download movies and call restaurants and play music. It’s a hobby, high-touch leisure assistant that costs a lot of money.
duskdozer 1 days ago [-]
They aren't selling it to the median US earner. They're selling it (and trying to generate FOMO) to the out of touch people so that it becomes so entrenched that the median earner will be forced to use it in some capacity through their interaction with businesses, schools, the government, etc.
DrewADesign 1 days ago [-]
The customer they’re picturing in their mind’s eye is obvious. The out of touch part comes in when you look at the size of that market— not big— with how likely that market is to grow drastically— not very— and the amount they’re investing in building the product— all of everything plus a bazillion. With what they’ve invested, if they end up with an institutional market the likes of Microsoft split up among the winners, they fucked up.
The economics of these businesses are based way more on hope and hype than rational analysis and planning.
wasfgwp 1 days ago [-]
Realistically you certainly don’t Anthropic’s models for those things and can get something for a fraction of the price on OpenRouter/etc.
rjh29 1 days ago [-]
Wow. I'd expect that from Singapore or UAE but finding it happen in a fairly developed Western country is a surprise.
vovavili 1 days ago [-]
Machines don't get tired, don't have to sleep, don't face principal-agent problems and can accumulate Skill.md instructions for decades without getting replaced. I definitely see the potential of something like OpenClaw for those who can afford it.
cameronh90 1 days ago [-]
You're paying the au pair partly in accommodation, food, bills and a visa. The visa isn't coming out of your bank account, but it's definitely part of the incentive, so you could see it as a government subsidy.
For comparison, a full time "virtual assistant" with fluent English from the Philippines costs upwards of $700/month nowadays.
BigTTYGothGF 1 days ago [-]
> In The Netherlands you can get a live-in au-pair from the Philippines for less than that
What a horrible situation.
CalRobert 1 days ago [-]
How is that remotely possible without committing enormous violations of labor law?
throwatdem12311 1 days ago [-]
Framed this way - then “replacing” this kind of human exploitation is definitely a good for humanity. If someone doing a job is practically a slave, then replacing them with an electron to token converter is a good thing.
The number one goal of AI should be to eliminate human exploitation. We want robots mining the minerals we use for our phones, not children. We should strive to free all of humanity from dangerous labour and the need for such jobs to exist.
If Elon Musk wants Optimus robots to help colonize Mars shouldn’t he be trying to create robots that can mine cobalt or similar minerals from dangerous mines and such?
esseph 1 days ago [-]
> The number one goal of AI should be to eliminate human exploitation.
I have some bad news.
_zoltan_ 1 days ago [-]
I doubt this is true in .nl. 180 a month is low for a live-in au-pair.
huflungdung 1 days ago [-]
> In The Netherlands you can get a live-in au-pair from the Philippines for less than that.
And you see nothing wrong with that?
tikotus 1 days ago [-]
I don't want to be judgemental, but I do find it funny that you're paying $180 for this convenience, and use it to pirate movies.
llmocallm 1 days ago [-]
Then allow me to be judgemental in your stead. I've done a similar setup as the above and completely locally. I dunno how they're paying so much, but that's ridiculously overpriced.
TheDong 1 days ago [-]
All the other models performed much worse for the skills I'm using. I tried gpt-5.1 (and then 5.4 again recently), and also tried pointing it at OpenRouter and using a few of the cheaper models, and all of them added too much friction for me.
Be judgemental all you want, but I feel like I'm paying for less friction, and also more security since my experiments also showed claude to be the least vulnerable to prompt injection attempts.
wasfgwp 1 days ago [-]
> models performed much worse for the skills I'm using
Hard to believe unless your are doing something much more complex than the things you listed
TeMPOraL 1 days ago [-]
It's not the only thing they're doing with it. I mean, the logic is sound - $180 goes into automating bunch of manual processes in personal life, one of which is getting movies, which in some cases involves going out on the high seas.
LeCompteSftware 1 days ago [-]
Let's also point out the $180 is going to a hideously evil AI company which pirated millions of books and movies.
puelocesar 1 days ago [-]
180 grand a month for PA is a lot of money. But I guess each person has its own priority. I mean, I can pay a very fancy gym with that price instead of the shitty popular one I go, which would probably improve my well being much more than asking to play Gorillaz
quietbritishjim 1 days ago [-]
"a grand" means a thousand (dollars or pounds or whatever). $180k / month really would be a lot of money. I'd be your PA for that!
puelocesar 1 days ago [-]
ok, now I wish there was an edit button. Thanks for noticing the mistake though
bluedel 1 days ago [-]
Am I right to be a little concerned by the phrase "it'll go straight to the pirate bay"?
Not to be a narc or anything, but is OpenClaw liable to just perform illegal acts on your behalf just because it seemed like that's what you meant for it to do?
jappgar 1 days ago [-]
Seems like the only people using pirate bay in 2026 are "privacy obsessed" rich middle-aged guys.
I think they do it mostly to feel young and edgy.
Supermancho 1 days ago [-]
I use it to get media for my family to watch on any tv using Plex. Sometimes I get books/manuals etc.
esseph 1 days ago [-]
> Not to be a narc or anything, but is OpenClaw liable to just perform illegal acts on your behalf just because it seemed like that's what you meant for it to do?
There's at least a couple of dozen instances right now, somewhere, getting very close to designing boutique chemical weapons.
Hendrikto 1 days ago [-]
180$/month to queue playlists does not “seem okay” at all. We must be living in different worlds.
xorcist 1 days ago [-]
> I can message it "Play my X playlist"
People do this? Or is it some sort of joke way above my head?
In what bizarre world is it easier to ask a massive LLM to play a playlist rather than ... literally hitting the play key on it?
chasd00 1 days ago [-]
One where there's 50 playlists and your hands are wet because you're right in the middle of doing dishes. Besides, your phone is in the other room anyway.
kirubakaran 24 hours ago [-]
I'd use a towel for such purposes :)
jappgar 1 days ago [-]
You're spendin 180 a month on tokens and still refusing to buy media like Titanic?
TheDong 1 days ago [-]
If you've figured out how to pirate Anthropic's models and enough GPUs to run it for less than my API costs, I'm all ears
jappgar 5 hours ago [-]
I haven't but I have figured out how to pay creators for media I enjoy. I spend less than 180 a month too.
janderson215 1 days ago [-]
While I love the idea of using it for home/personal automation (and it sounds like you've done a good job executing it), this comment makes it seem like avoiding paying for The Titanic is almost as important as having an OpenClaw-driven assistant/automation system.
qsera 1 days ago [-]
I have the almost same thing using a network connected raspberry-pi and no AI.
philipallstar 1 days ago [-]
> "Download Titanic to my jellyfin server and queue it up", and it'll go straight to the pirate bay
You could build up a legitimate collection for much less than $180/mo.
1 days ago [-]
coldtea 1 days ago [-]
Regarding Alexa, none of those use cases sound that useful to have an ever-present listening device at home, except if one is bedbound or something.
tempaccount5050 1 days ago [-]
Using OpenClaw for that is nuts. Claude or GPT could just one shot an app for you that does all that and uses 0 tokens once you've built it.
bigger_fish 1 days ago [-]
[dead]
vbezhenar 1 days ago [-]
Many wealthy people use human assistants to offload mundane work.
This is cheap replacement for ordinary people.
It's going to be big. But probably it's best to wait for Google and Apple to step up their assistants.
piker 1 days ago [-]
Yes, and that's because the workflow of those people generally requires managing a crazy, dynamic schedule including travel, meetings, comms, etc. Those folks need real humans with long-term memories and incentives to establish trust for managing these high-stakes engagements. Their human assistants might find these things useful, but there's zero chance Bill Gates is having an AI schedule his travel plans or draft his text messages.
OTOH, this isn't an issue for "ordinary people". They go to work, school, children's sports events, etc. If they had an assistant for free, most of them would probably find it difficult to generate enough volume to establish the muscle memory of using them. In my own professional life, this occurred with junior lawyers and legal assistants--the juniors just never found them useful because they didn't need them even though they were available. Even the partners ended up consolidating around sharing a few of them for the same reason.
Down in this thread someone mentions it being an advanced Alexa, which seems apt. Yes, a party novelty but not useful enough to be top of mind in the every day work flow.
Terr_ 1 days ago [-]
Side rant: A disproportionate amount of AI assistant marketing involves scenarios that look middle class, but actually require customers wealthy enough risk money on errors. Like buying the wrong thing, or even buying the right thing at the wrong price.
nainachirps_ 1 days ago [-]
I am ordinary people. I have adhd. I have been dying for assistance in scheduling and planning. Am not employed enough to afford hiring a human yet. Am hopeful these will reach maturity for me to he able to host one on my own device. Or find a private provider with good security model and careful data handling.
user_7832 1 days ago [-]
Not +1, but +100 to your comment (fellow ADHD'er here). Even a virtual friend who'd help me stay on track would be excellent, and if I had a physical human assistant... that would legitimately make many aspects of my life much better. (Simple example: I could ask them to nag me to exercise.)
vbezhenar 1 days ago [-]
Going to the shop and buying groceries is not hard work. But I don't do that since delivery became available. I'm lazy and delivery is free. Same for ordinary people needs. It's not a big deal to manage my life, but if I can avoid doing that for free, that's probably what I'll do. For $200? Not sure. For $20? Absolutely. So the question is already about price.
spockz 1 days ago [-]
Off-Topic: Are you sure delivery is free? When comparing prices online vs my local supermarket of the same brand, online prices trend higher. Locally the store also has more products on sale than available online. Only recently online shopping has become slightly cheaper because they now have “bulk” deals for 5-20% discount.
andai 1 days ago [-]
I'm not sure how solvable it is. It only takes one screw up to ruin the reputation, and a screw up is basically guaranteed.
The tech has existed for a while but nobody sane wants to be the one who takes responsibility for shipping a version of this thing that's supposed to be actually solid.
Issues I saw with OpenClaw:
- reliability (mostly due to context mgmt), esp. memory, consistency. Probably solvable eventually
- costs, partly solvable with context mgmt, but the way people were using it was "run in the background and do work for me constantly" so it's basically maxing out your Claude sub (or paying hundreds a day), the economics don't work
- you basically had to use Claude to get decent results, hence the costs (this is better now and will improve with time)
- the "my AI agent runs in a sandboxed docker container but I gave it my Gmail password" situation... (The solution is don't do that, lol)
See also simonw's "lethal trifecta":
>private data, untrusted content, and external communication
The trifecta (prompt injection) is sorta-kinda solved by the latest models from what I understood. (But maybe Pliny the liberator has a different opinion!)
feigewalnuss 1 days ago [-]
Disclosure: I wrote the linked post.
The "gave it my Gmail password" problem has a better answer than "don't do that." Security kicks itself out of the room when it only says no. Reserve the no for the worst days. The rest of the time, ship a better way.
That's why I built the platform to make credential leaks hard. It takes more than a single prompt. The credential vault is encrypted. Typed secret wrappers prevent accidental logging and serialization. Per-channel process isolation means a compromise in one adapter does not hand an attacker live sessions in the others.
"Don't do that" fails even for users trying their hardest. Good engineering makes mistakes hard and the right answer easy. Architecture carries the weight so the user does not have to.
On the trifecta being "sorta-kinda solved" by newer models, no. Model mitigations are a layer, not a substitute. Prompt injection has the shape of a confused-deputy problem and the answer to confused deputies has always been capabilities and isolation, not asking the already confused deputy to try harder.
You want the injection to fail EVEN when the model does not catch it.
andai 1 days ago [-]
Thanks. Yeah, I skipped that part in my comment, there are solutions for a lot of this stuff.
The one I see the most is brokers. Agent talks to a thing, thing has credential and does the task for the agent. Or proxies that magically inject tokens.
I think this only works for credentials though?
It doesn't solve the personal information part (e.g. your actual emails), right?
As for security, my solution was: keep it simple and limit blast radius.
Expect it to blow things up, and set things up so it doesn't matter when it happens.
I don't like docker so I just made a Linux user called agent. Agent can blow up all the files in its own homedir, and cannot read mine.
I felt really clever until I realized there's an even better solution: just give it a laptop (or Mac mini, or server, or whatever we're doing this week).
Same result but less pain in my ass. Switching users is annoying (and sharing files, and permission issues...). Also, worrying about which user I'm running stuff as... The thing just shouldn't be on my machine in the first place. It should have its own!
Functionally, its own Linux user or root on a $3 VPS are the same thing. It blows up the VPS, I just reset it.
For keys, I don't do anything fancy. It can leak all my keys. But if anyone steals them, they can exhaust my entire $5 prepaid balance ;) Blast radius limited.
But yeah, needs, tastes and preferences may differ.
feigewalnuss 16 hours ago [-]
Right, we have to see credentials and personal data as different problems. Wirken addresses the first directly and only partially the second. Session scoping keeps injection damage inside one channel's scope so a poisoned email cannot reach into your Telegram credentials. The model still reads the email content during that session, and any prompt injection in that content can still act within what just that session can reach.
The layer that addresses content-level flow is information-flow enforcement above identity. TriOnyx (https://github.com/tri-onyx/tri-onyx) looks at that exact problem: taint and sensitivity tracking, gateway kills on threshold breach.
It complements Wirken. You need identity before you can meaningfully ask what agent A has been exposed to.
On the agent-gets-its-own-machine approach, that is fine as a blast-radius strategy and I have no quarrel with it. It trades isolation between channels for isolation between the agent and the host. If you only have one channel and disposable keys, it works. It stops working as soon as the agent holds something you cannot cheaply rotate, which for most people ends up being their messaging identities.
eloisant 1 days ago [-]
$180 a month is huge for "ordinary people".
So I guess that leaves the in-between people who don't care about spending $180 every month but don't have any personal staff yet or even access to concierge services.
torginus 1 days ago [-]
My 2 cents is that so far LLMs have had a bad track record in replacing people in jobs where simple software logic and flowcharts wouldn't do the job.
lionkor 1 days ago [-]
Those human assistants can be held accountable.
sekh60 1 days ago [-]
I deleted your calendar, I'm sorry.
1 days ago [-]
wesleywt 1 days ago [-]
Its not going to be big. There is no obvious use for them unlike email or the Iphone.
LeCompteSftware 1 days ago [-]
The problem is that if you're wealthy enough to hire someone to do your errands, those errands likely aren't very mundane - the exception is a socialite giving their friend a low-effort job, but executive assistants are paid well because their jobs are cognitively demanding.
OTOH a lower-middle-class Joe like me really does have a lot of mundane social/professional errands, which existing software has handled just fine for decades. I suppose on the margins AI might free up 5 minutes here or there around calendar invites / etc, but at the cost of rolling snake eyes and wasting 30 minutes cleaning up mistakes. Even if it never made mistakes, I just don't see the "personal assistant" use case really taking off. And it's not how people use LLMs recreationally.
Really not trying to say that LLM personal assistants are "useless" for most people. But I don't think they'll be "big," for the same reason that Siri and Alexa were overhyped. It's not from lack of capability; the vision is more ho-hum than tech folks seem to realize.
Sam713 1 days ago [-]
Siri is quite bad though. Personally, I would get a lot of value out of a more accurate Siri that could function as a device/personal assistant. Right now, if I prompt Siri to “search calendar app for flights scheduled this month”, it just straight up fails. That should be a relatively simple contextual search; just asking it to pull existing data. Siri/Apple Intelligence is overhyped because it can’t even perform basic functions effectively, or takes more time than just doing the same function manually.
TeMPOraL 1 days ago [-]
> which existing software has handled just fine for decades
Existing software is what dumped most of those errands on you in the first place.
kqp 1 days ago [-]
[dead]
ZeroGravitas 1 days ago [-]
I see the appeal, but I also see the risks.
If you ignore the risks I don't see why it's hard to see value.
The AI can read all your email, that's useful. It can delete them to free up space after deciding they are useless. It can push to GitHub. The more of your private info and passwords you give it the more useful it becomes.
That's all great, until it isn't.
Putting firewalls in place is probably possible and obviously desirable but is a bit of a hassle and will probably reduce the usefulness to some degree, so people won't. We'll all collectively touch the stove and find out that it is hot.
theshrike79 1 days ago [-]
Just limit the tooling. There's no reason for the AI to be able to delete emails for example.
I built a fastmail CLI tool for my *claw and it can only read mails, that's it. I might give it the ability to archive and label later on, with a separate log of actions so I can undo any operation it did easily.
It's pretty decent at going "hey, there's a sale on $thing at $store", for mails, but that's about it.
greedo 1 days ago [-]
Deleting email to free up space has to be the most ridiculous justification for burning up the environment.
bitmasher9 1 days ago [-]
Yep, I’m seeing real value. I use them for tasks that an assistant might have done in the past. It’s much cheaper than hiring a human, and setup is much faster than finding a good assistant. I’m honestly considering giving it access to accounts with payment information so it can book flights and hotels for me.
You can ask it questions like “what classes does my gym offer between 6-8pm today” and just get a good answer instead of wasting time finding their schedule. You can tell it to check your favorite band’s website everyday to see if they announce any shows in your city. You can tell it to read your emails and automatically add important information to your calendar.
This isn’t the space where I get the most value from AI, but it’s nice to have a hyper connected agent that can quickly take care of more smaller and more personal tasks.
piker 1 days ago [-]
No offense but all of those are near zero value except entertainment to the orchestrator. That’s without understanding the failure rate and modes. It’s telling that you haven’t yet given it your credit card.
bitmasher9 21 hours ago [-]
I would agree that the value is low. It’s the type of thing I wouldn’t pay $20/hr to have a human do, if you want to put a value cap on this type of activity.
seniorThrowaway 1 days ago [-]
Yes, they are good at being coding "interns". They work together in slack which allows management visibility and tasking directly to them. i.e. people who aren't going to be managing a bunch of claude code's all day. I say interns because they are incredibly smart at some things like implementing well defined coding plans and incredibly dumb in other ways, like shipping non-compiling code and asking a human to troubleshoot. To do this requires thoughtful setup, you have to onboard them more like you would a human than a piece of software. Give them their own "workstation", accounts etc. Limit what they can do in those accounts, not in their .md files or skills or anything, they will never follow those 100%, just like a person won't follow directions 100% of the time.
1 days ago [-]
stingraycharles 1 days ago [-]
This is being asked on pretty much every Openclaw thread, and the use cases brought up seem roughly similar: digital assistant.
It of course depends heavily on your work, but my work is 50% communication / overseeing, and I simply lose track of everything.
I don’t give it any credentials of any sort, but I run data pipelines on an hourly basis that ingest into the agent’s workspace.
littlecranky67 1 days ago [-]
I can see a value in a smarter email-inbox sorting algorithm - but only because all major players (except google which I don't trust with my mails) have abandoned bayesian email filtering with training. This was standard in 2005 in such basic clients such as the Opera browser, but somehow we lost this technology along the way.
easygenes 1 days ago [-]
I was an original Thunderbird pre-1.0 (from 2003) user and prior to that, Netscape Mail, and am quite certain it has had bayesian spam filtering all this time, at least since the late ‘90s. That was a headline feature in the early days. My first email account used POP3 through a shared web host for my own domain in that era.
I can't recall the name, but I vaguely remember a Bayesian spam filter for arbitrary POP3 accounts in the 2000s that had a local web frontend, and how excited I was at its effectiveness.
I believe that the shift from "my one computer" to multiple clients (computer + phone + webmail) probably has something to do with it. Even with IMAP sharing state, you still don't have a great way to see and control the filtering, except by moving things in/out of spam folders.
pizza234 1 days ago [-]
> Is anyone finding value in these things other than VCs and thought leaders looking for clicks and “picks and shovels” folks?
Mostly (but of course, not exclusively), porn for the techies. Receiving a phone notification every time a PR is opened on a project of yours? Exciting or sad, depends on one's outlook on life.
moffkalast 1 days ago [-]
I thought emails from github already did that?
mgkimsal 1 days ago [-]
I think the more useful part is the parts that checks a ticket, fixes a bug, then opens the PR automatically. Whether you get an email or a phone text or call from a voice agent is ... somewhat secondary, im.
moffkalast 1 days ago [-]
Fixes a bug, yeah that's some wishful thinking right there. I don't think it counts if it adds three new ones in the process.
eucyclos 21 hours ago [-]
If it added four last month I'd say it absolutely counts. Trends often matter more than position.
_pdp_ 1 days ago [-]
There is value but it is hard to discover and extract outside of a few known areas - like coding, etc.
piker 1 days ago [-]
Yes, I can see the (potential) value in working with agents in software development. The “claw” movement I understood to suggest value in less constrained access to my inbox, personal messages, calendar etc like some sort of PA. It’s hard to quantify how much damage a bad PA can do to someone’s personal and professional life, so if my understand is correct, this seems like a dead end.
_pdp_ 1 days ago [-]
I posted this comment in another thread so reposting it here because it seems to be on topic.
---
IMHO, the biggest problem with OpenClaw and other AI agents is that the use-cases are still being discovered. We have deployed several hundred of these to customers and I think this challenge comes from the fact that AI agents are largely perceived as workflow automation tools so when it comes to business process they are seen as a replacement for more established frameworks.
They can automate but they are not reliable. I think of them as work and process augmentation tools but this is not how most customers think in my experience.
However, here are a several legit use-case that we use internally which I can freely discuss.
There is an experimental single-server dev infrastructure we are working on that is slightly flaky. We deployed a lightweight agent in go (single 6MB binary) that connects to our customer-facing API (we have our own agentic platform) where the real agent is sitting and can be reconfigured. The agent monitors the server for various health issues. These could be anything from stalled VMs, unexpected errors etc. It is firecracker VMs that we use in very particular way and we don't know yet the scope of the system. When such situations are detected the agent automatically corrects the problems. It keeps of log what it did in a reusable space (resource type that we have) under a folder called learnings. We use these files to correct the core issues when we have the type to work on the code.
We have an AI agent called Studio Bot. It exists in Slack. It wakes up multiple times during the day. It analyses our current marketing efforts and if it finds something useful, it creates the graphics and posts to be sent out to several of our social media channels. A member of staff reviews these suggestions. Most of the time they need to follow up with subsequent request to change things and finally push the changes to buffer. I also use the agent to generate branded cover images for linkedin, x and reddit articles in various aspect ratios. It is a very useful tool that produces graphics with our brand colours and aesthetics but it is not perfect.
We have a customer support agent that monitors how well we handle support request in zendesk. It does not automatically engage with customers. What it does is to supervise the backlog of support tickets and chase the team when we fall behind, which happens.
We have quite a few more scattered in various places. Some of them are even public.
In my mind, the trick is to think of AI agents as augmentation tools. In other words, instead of asking how can I take myself out of the equation, the better question is how can I improve the situation. Sometimes just providing more contextually relevant information is more than enough. Sometimes, you need a simple helper that own a certain part of the business.
I hope this helps.
bsenftner 1 days ago [-]
Great information post. don't let the AI fad boi's down votes lead you to think this is not a very worthwhile contribution.
eucyclos 21 hours ago [-]
Weird that you're being downvoted for sharing anecdata on actual use cases. It's as if there's a desire to downplay the positive aspects of this technology in the HN community.
esseph 1 days ago [-]
> They can automate but they are not reliable.
This is why I won't use them for anything externally facing or with high or even moderate damage potential.
Which basically means they don't get used at all.
_pdp_ 1 days ago [-]
This is my point ... it is a change of perspective. They are best suited for cooperation for now.
jstummbillig 1 days ago [-]
> letting an AI into my comms
Idk, it's strange for me to think of it that way. It's tech. If it does something useful, that's cool.
Data protection is always a consideration. I just don't consider a LLM to be a special case or a person, the same way that I don't have strong feelings about "AI" being applied in google search since forever. I don't have special feelings or get embarrassed by the thought of a LLM touching my mails.
Right now for me, agentic coding is great. I have a hard time seeing a future where the benefits that we experience there will not be more broadly shared. Explorations in that direction is how we get there.
piker 1 days ago [-]
My issues aren’t really with privacy so much as what the failure modes look like, and, more fundamentally, with becoming a passenger to my own life.
rowanG077 1 days ago [-]
The problem for me is not the LLM reading it. The problem is the company behind it can most likely recover the sessions. That is a problem since they could share it with whomever they want. Even if they are fully incorruptable it's also not uncommon that they simply get hacked and all this data ends up on the open market.
onchainintel 1 days ago [-]
It all depends on what you do aka your use case. If you're in the content creatio business, which is part of my responsibilities, then yes has been massively helpful. For other roles, I can absolutely see no use case or benefit. Context matters, like with everything.
pjmlp 1 days ago [-]
Same here, I care to the extent I am obligated to, and staying relevant for finding a job.
andai 1 days ago [-]
It's pretty much just Claude Code, except hooked up to your Telegram / WhatsApp / iMessage.
I don't know why they don't make an official integration for it. Probably cause they're already out of GPUs lol
edschofield 1 days ago [-]
Claude Code does now have integration with Telegram, Discord, and iMessage as of a few weeks ago:
I talk to a lot of business people that are interested in automating very basic things in their inbox, on their Google drive, in CRMs, etc. The reason is not that they want to be cool and hip but because they are forced to spend lots of their precious time doing very dull and repetitive things. Promising to take some of that pain away is a really easy sell. Hence all the hype around OpenClaw.
If you look around in the business world, there is an absurdly large number of people still doing all sorts of things manually that they probably shouldn't. And its costing them money. Even before AI that was true. But now it's increasingly becoming obvious to these people that there are solutions out there that might work. There's a fair amount of FOMO on that front with more clued in people that have heard of other people allegedly being a bit smarter than them.
From a practical experience point of view, most people probably don't have the hands-on experience to make a good judgment just yet. "I tried Chat GPT once and it hallucinated" doesn't really count as valid experience at this point and many non-technical people are still at that level. There generally are a lot of headless chickens making absurd claims (either way) about what these systems can and cannot do making sweeping statements about how possible or impossible things are.
If you take the time and sit down to automate a few things you'll find that: 1) the tools aren't great right now 2) there are lots of basic plumbing issues that get in the way 3) fixing those plumbing issues is not rocket science and something anyone with basic CLI or scripting skills can solve easily 4) you can actually outsource most of that stuff to coding agents. 5) if you figure some of the basics out, you can actually make OpenClaw or similar systems do things that are valuable. 6) Most people that aren't programmers won't get very far given the current state of tools. 7) this might change rapidly as better tools become available. 8) people generally lack the imagination to see how even basic solutions could work for them with these systems.
I have an OpenClaw up and running for our company. It is doing some basic things that are useful for us. After solving some basic plumbing issues, it's now a lot easier to make it do new things. It's not quite doing everything just yet (lots more plumbing issues to solve) and we have our healthy hesitations about letting it loose on our inboxes. But it's not useless or without value. Every plumbing issue we solve unlocks a few more use cases. There's a bit of a gold rush right now of course. And "picks and shovels" people like myself are probably going to do a brisk business.
You can wait it out or tap into the action now. That's your choice. But try making it an informed choice. And no better experience than the first-hand type.
mathgladiator 1 days ago [-]
Agent environments like OpenClaw are in the toy phase, and OpenClaw is teaching people how to build things with agents in a toy-like and unreliable way. I used my understanding of OpenClaw to build scalable + secure + auditable agent infrastructure in my platform such that I can build products that other people can use.
bayindirh 1 days ago [-]
We had better agent infrastructures (namely JADE) back in the day. I worked with them, and now these things look like flimsy 50¢ plastic toys to me, too.
cl0ckt0wer 1 days ago [-]
Mostly it's fun. It'll so some light infra management for me too.
mark_l_watson 1 days ago [-]
I ran OpenClaw in a container, on a VPS without connection to messaging systems, so perhaps that is why I didn't get value.
Similarly, I have been using Hermes Agent also inside a container, and on a VPS with only access to a local directory in the VPS with a dozen active projects on GitHub. I don't give it access to my GitHub credentials, but allow it to work in whatever branch is checked out.
This setup is fabulously productive. I use it about every other day to perform some meaningful task for me. It is inexpensive also. A task might take 20 minutes and cost $0.25 in GLP-5.1 API costs.
So TLDR: out of the box, I use Hermes at least one hour a week and find it to be a wonderful tool.
dankobgd 1 days ago [-]
no, it's only for scammers
iugtmkbdfil834 1 days ago [-]
Eh, buddy says he uses them for his network and, apparently, some light IT maintenance for his family members. So far it seems to be working for him. I am not that brave.
rimliu 1 days ago [-]
I am also surprised by the number of people willing to outsource their lives.
eucyclos 21 hours ago [-]
Just the boring bits. I don't need openclaw to lounge by a pool thinking about macro trends for me.
surgical_fire 1 days ago [-]
No.
But I am someone that, for example, dislikes home automation. Know that thing that you ask Alexa to open your curtains? I think that is cringe af.
Maybe there's an overlap with the crowd that likes that.
nryoo 1 days ago [-]
$180/month to control your lights and music. A Raspberry Pi + Home Assistant does this for $0/month and doesn't exfiltrate your home network topology to a third-party API. The value proposition only makes sense if your time is
worth more than your privacy.
eloisius 1 days ago [-]
The comparison to smart home gadgetry seems apt to me. I actually want to hack on something LLM agent-related to practice what is clearly a marketable skill, but I can't find anything I'd actually want it to do for me in my real life, other than maybe sort my emails for me, but there's no way I'm going to pipe every one of my emails to an LLM company.
I remember circa 2015 all my nerdy colleagues were going wild with home automation stuff, and I felt like I wanted to play with it too at first. But then I started to observe that these guys weren't spending less time than me turning on their lights. They were spending way more time than me, in fact, tinkering with their thermostats and curtains. I'm perfectly happy hitting a light switch when I walk in the door.
I can't envision one of these Telegram bots reliably completing tasks for me. Maybe the closest one would be what I've seen in this thread. Downloading torrents and putting them in Jellyfin for me, but really, I don't hate curating my own media collection.
slfnflctd 1 days ago [-]
> my nerdy colleagues were going wild with home automation stuff [...] I wanted to play with it too [...] these guys weren't spending less time than me turning on their lights
Yep. The IoT home automation stuff is still less performant than much older, wired solutions where whole systems were designed at once in a set-and-forget mode and didn't have weird sync issues or delays. I remember seeing the 'home of the future' exhibit at Epcot like 20+ years ago and these IoT setups are often still a total joke in comparison because of all the protocol issues and fiddling with various interfaces needed.
Just like how the analog wired POTS phone systems were more performant in many ways than pretty much any IP based voice setup.
I simply got tired of messing with stuff that kept breaking in unexpected ways. It wasn't saving time, it was adding a lot of totally unnecessary stress and actually taking time away from me-- for little more than an occasional spark of novelty. Being able to use voice accurately & repeatably for simple task requests is probably the only standout advancement.
My 'nerdy colleagues' and myself can get a lot of enjoyment out of tinkering with this new agentic hotness. However, very few of us I think are really getting something that's actually saving us time in the long run (at least in our personal lives), and it's going to take a while to figure out what's actually realistically reproducible toward that end at a reasonable cost.
sumtechguy 1 days ago [-]
IoT was an absolutely terrible fit for the home space. My parents have light switches in their house installed in the 1940s. They still work just as good. Getting something from the IoT of home automation to last like that is very difficult. Yet it seems to be the first model everyone reaches for when talking about it. If they had to replace the switches it would not cost too much to do either.
IoT really comes into its own space though when you pair it up with something that is a real pain to get to. Think somewhere you have to have a crainlift and a 4 hour drive just to touch the 20 year old computer something is hooked up to. Or basically anywhere that takes hours to get to. The space my company typically targeted was high rise air con companies. Or companies where the customer would service out any sort of PLC work to a 3rd party. At that point the savings of having to roll a guy out there vs looking on a computer has the thing pay for itself in 1-2 trips. Also the ability to show up on site with the correct parts. That alone was a huge savings.
IoT's big issues is you have to beat many things that are already dead simple to do.
jdkoeck 14 hours ago [-]
I have Hermes agent run a cron each hour to check if the Steam Controller if finally on sale. I don’t if that resonates with you, I quite like that use case personally :)
This comparison is dishonest, and you know that it is. This is coming from someone that uses Home Assistant and wouldn’t touch OpenClaw with a 10 foot pole. If I had a horse in this race it’d be your horse, but to pretend that these achieve the same goals is just… not in the spirit of an actual discussion.
albatrosstrophy 1 days ago [-]
Kindly elaborate? Coming from someone who still uses AI mainly to draft emails and raspberry Pi as sandboxed automation project.
everforward 1 days ago [-]
I have the voice assistant on Mike hooked up to Claude and it does most of the things I’d want OpenClaw to do.
I’m not generally interested in having it read my email or calendar. I have a digital calendar in the kitchen, and I rarely get important email. I do really enjoy being able to control my house by voice in natural language. I had it set all my lights to Easter colors a while back in a single instruction.
nickthegreek 1 days ago [-]
As someone who has openclaw and HA. HA can very much do alot of what I do in OpenClaw but would take more initial work but would be better in the long run.
_whiteCaps_ 1 days ago [-]
Seems like the approach should be to have an LLM set up HA.
falense 1 days ago [-]
Very cool project! I am working on something similar myself. I call mine TriOnyx. Its based on Simon Willison's lethal trifecta. You get a star from me :D
The analogies the author highlights the multi-purpose nature of these machines, which I believe persists to this day, and is why some people have a hard time adopting Linux (Or why UAC was controversial in an older Win version): The conflation of personal computers, and a multi-user IT systems or servers. The IT story of Wal-Mart used to make the analogy is in the latter category. My dad typing up documents for work, or me playing The Lost Mind of Dr Brain and Mario Teaches Typing have different security requirements.
Havoc 1 days ago [-]
That’s a great deal of technical isolation but does little to address the real problem. If the agent has access to both your info (email, files etc) and reads things on say the open internet then it’s vulnerable to prompt injection and Data exfiltration.
And if you remove either access to data or access to internet then you kill a good chunk of usefulness
amdivia 1 days ago [-]
Also what people forget, even read access alone can be used to communicate with an attacker.
Assume locally i know a read only agent (running on account A) is reading a specific file from user B. Assume it has access to a secret that user B cannot observe. By prompt injection, you can have the read only agent encode the secret as "read" pattern that user B can decode by looking at file access times.
(You can think of fetch requests and the likes for more involved cases)
So read only, while helpful, does not innately prevent communication with an attacker
Schlagbohrer 1 days ago [-]
Why am I totally unable to understand this post. I have been a long time computer user but this has way too much jargon for me.
wccrawford 1 days ago [-]
There's a difference between using a thing and understanding how it works. There's a lot of stuff in this that reference things that only hardware and software creators are going to understand, and only if they're deep enough into their craft.
"Interrupts", for example, are an old concept that is rarely talked about anymore until you get into low-level programming. At a high level, you don't even think about them, let alone talk about them.
khalic 1 days ago [-]
cries in rust interrupts
wccrawford 1 days ago [-]
And you don't think those are pretty low-level?
If they're doing the same thing as the interrupts that the article is talking about, they are low-level.
If they aren't, then the comparison is by name only.
24 hours ago [-]
sixhobbits 13 hours ago [-]
Seems like pro-openclaw arguments dressed up as anti ones. Author remembers MS DOS for a reason.
I have similar concerns and somehow think openclaw will not be remembered in 30 years time so the comparison does not land for me
LudwigNagasena 1 days ago [-]
And I remember OSes today, 1 year ago, 5 years ago, 10 years ago, etc. Security was always a problem. People blindly delegate admin privileges to scripts and programs from the internet all the time. It’s hard to make something secure and usable at the same time. It’s not like agent harnesses suddenly broke all adopted best practices around software and sandboxing.
I remember Apple introducing sandboxing for Mac apps, extending deadlines because no one was implementing it. AFAIK, many apps still don’t release apps there simply because of how limiting it is.
Ironically, the author suggests to install his software by curl’ing it and piping it straight into sh.
1 days ago [-]
kazinator 1 days ago [-]
I Canada there is a character used in IKEA radio ads known as "Swedish Guy", who speaks with a funny accent.
I'm reading that Swedish IT consultant's rant in the voice of Swedish Guy.
tomasol 1 days ago [-]
I believe the codegen must be separated from the runtime. Every time you ask AI for a new task, it must be deployed as a separate app with the least amount of privileges possible, potentially with manual approvals as the app is executing. So essentially you need a workflow engine.
raincole 1 days ago [-]
And MS-DOS was a massive success. Even 'massive' is such an understatement and English probably needs to invent a new word for that level of world-changing business.
So yeah, perhaps it isn't fooling the author, but it doesn't matter for the other billions of people.
digimantis 19 hours ago [-]
to this day i still dont get why people get so crazy about openclaw. i am not saying it's not good. but it's not worth the hype. i am guessing maybe a lot of people who do not code agents dont even know chatgpt can complete automated tasks?
pointlessone 1 days ago [-]
Wow. Much security.
I too remember DOS. Data and code finely blended and perfectly mixed in the same universally accessible block of memory. Oh, wait… single context. nwm
GMoromisato 24 hours ago [-]
Except MS-DOS ultimately won. I grew up in Boston in the 80s, when giants like DEC and Data General were at the leading edge of computing. I remember mainframe folks complaining that "MS-DOS is so primitive! Here's a nickel, kid, buy yourself a real OS."
By the 90s, when I was working on DOS/Windows software, I was inundated with resumes from engineers who had been laid off from those very same companies. And it wasn't until Windows XP in 2000 when most people moved away from DOS.
I feel like every twenty years or so, kids look at the current computing landscape and say, "That's too complicated! I'm not going to learn all that--I'm just going to invent my own thing." DOS was that in the 80s, the Web in 2000. Maybe OpenClaw is that for the 2020s. AI is certainly going to reinvent everything.
The DEC people were right about DOS: it was barely more than a toy. But we didn't abandon it and go back to the safety of VMS. Instead, we improved it until it had all the security and capabilities we needed.
I don't know if OpenClaw is going to win or not, but if you remember MS-DOS, you wouldn't count it out.
sriku 1 days ago [-]
"Fast" is not always a virtue and "efficiency" is not always the only consideration.
_345 1 days ago [-]
The page is hard to read on landscape browsers like Chrome on Win11.
colechristensen 1 days ago [-]
"Blender is damaged and can't be opened."
I'm writing a Blender plugin. I don't know what I did to offend MacOS but somewhere I changed something or touched a file and now MacOS refuses to open Blender until I go through an arcane ritual of telling the OS it's actually ok to use.
I don't like the lack of control in name of security or that you're having to be come ever-more an expert to actually use things you own. Security needs to be done carefully and intentionally not just blasted everywhere. What is being called security is very much more often control by the creators.
nurettin 1 days ago [-]
It wasn't entirely DOS's fault. DOS was a relic from the end of single-process single-user era. Corporate took that and bent it to their use instead of settling for something more complex and harder required an entire department to maintain.
*Claw is more like windows 98. Everyone knows it is broken, nobody really cares. And you are almost certainly going to be cryptolocked (or worse) because of it. It isn't a matter of if, but when.
fuzzfactor 17 hours ago [-]
>For the first time, Wal-Mart could store customer info on a disk.
Well, that may be the first time it wasn't a mainframe. Plus this is for the lay-away project of the mid-'80's when IBM-compatible PC's already existed.
What most people don't realize is that before the IBM PC, Wal-Mart was way ahead of all other retailers with its POS, inventory, and logistics systems from all over the US tied into headquarters in Bentonville, Arkansas.
Using telephone modems of course like anybody else, but this is before they had any "superstores", and were still quite small, nor were they in any big cities. Yet.
But they were ready. Actually that was all Sam had ever been planning for since the beginning, but they had become quite successful enough already as the fastest growing chain of mainly rural "country stores".
A typical Wal-Mart was dwarfed by a K-Mart store, and a full-size Sears seemed like a super store by comparison. They had mainframes and POS too but Wal-Mart just took it to the next level. Ran circles around them digitally.
Really did scorch some earth with those kind of advantages when they came to the big cities, but after the PC came out I would say they regressed more toward the mean. The momentum still overwhelmed though.
tnelsond4 1 days ago [-]
I think we should be giving AI access to something like templeos where there is no permissions and everything runs unrestricted and you can rewrite the os while it's running.
classified 1 days ago [-]
The value proposition seems clear: OpenClaw lets you speedrun the Why of application security and sandboxing from first principles. Start with putting all of your money and your valuables in a box without a lock stored in a public place. If you learn something from that, you may proceed with the next step.
npodbielski 1 days ago [-]
I does not look like it support streaming of responses from llm into channel. Big issue for local inferrence.
TacticalCoder 1 days ago [-]
> curl-pipe-sh as well. The installer verifies the release signature with ssh-keygen against an embedded key, fail-closed on every failure path. The installer’s own SHA is pinned in the README for readers who want to check the script before piping.
Packages shipping as part of Linux distros are signed. Official Emacs packages (but not installed by the default Emacs install) are all signed too.
I thankfully see some projects released, outside of distros, that are signed by the author's private key. Some of these keys I have saved (and archived) since years.
I've got my own OCI containers automatically verifying signed hashes from known author's past public keys (i.e. I don't necessarily blindly trust a brand new signature key as I trust one I know the author has been using since 10 years).
Adding SHA hashes pinning to "curl into bash" is a first step but it's not sufficient.
Software shipped properly aren't just pinning hashes into shell scripts that are then served from pwned Vercel sites. Because the attacker can "pin" anything he wants on a pwned JavaScript site.
Proper software releases are signed. And they're not "signed" by the 'S' in HTTPS as in "That Vercel-compromised HTTPS site is safe because there's an 'S' in HTTPS".
Is it hard to understand that signing a hash (that you can then PIN) with a private key that's on an airgapped computer is harder to hack than an online server?
We see major hacks nearly daily know. The cluestick is hammering your head, constantly.
When shall the clue eventually hit the curl-basher?
Oh wait, I know, I know: "It's not convenient" and "Buuuuut HTTPS is just as safe as a 10 years old private key that has never left an airgapped computer".
(btw Debian signs the hash of testing release with GPG keys that haven't changed in years and, yes, I do religiously verify them)
2muchcoffeeman 1 days ago [-]
[dead]
souravroyetl 1 days ago [-]
[flagged]
ronjakoi 1 days ago [-]
What's wrong with typing 2:1?
souravroyetl 14 hours ago [-]
[flagged]
maxbeech 2 days ago [-]
[dead]
jimmypk 1 days ago [-]
The thread went straight to cost/ROI but the article's actual argument is about security architecture: 'sandbox around the whole agent' vs. 'enforce at the tool layer.' OpenClaw/NemoClaw's setup — binding Ollama to 0.0.0.0 across a network namespace, pairing through the chat channel, approving connections at the netns boundary — are each workarounds for a foundation that didn't separate concerns early. The Unix principle wasn't 'wrap your DOS program in a safer shell' — it was address space and identity separation built in from below. Whether local inference is worth $180/mo is a separate question from whether the permission model belongs at the network boundary or at the tool dispatch layer.
trilogic 1 days ago [-]
Great article. Been skeptical of it since the beginning with this Python "Cli" agents. Been looking for local ai driven Agentic GUI that offers real privacy but coulnt find it anywhere.
Finally what we call real local and ClI agents pipeline local ai driven with llama.cpp engine is done. Just pure bash and c++, model isolated, no http, no python, no api, no proprietary models. There is the native version (in c++) and the community version in Electron. Is electron Good enough to protect users Wrapping all the rest?
This is exciting.
Both OpenClaw and MSDOS gaining a lot a traction by taking short cuts, ignoring decades of lessons learned and delivering now what might have been ready next year. MSDOS (or the QDOS predecessor) was meant to run on "cheap" microcomputer hardware and appeal to tinkerers. OpenClaw is supposed to appeal to YOLO / FOMO sentiments.
And of course, neither will be able to evolve to their eventual real-world context. But for some time (much longer than intended), that's where it will be.
Similar YOLO attitude to OpenAI's launch of modern LLMs while Google was still worrying about all the legal and safety implications. The free market does not often reward conservative responsible thinking. That's where government regulation comes in.
The author sold his previous software business and I'm pretty sure would never need to work anymore. I doubt "a gig at OpenAI" was high on his wish list when he started on Clawdbot.
This is related to my observation that for thousands of years, written text has indicated a human author - this is no longer true, and I think this is going to be very difficult for us to wrap our human brains around fully.
> the training process doesn't introduce anything novel
This is not always the case. A compiler, linter, proof checker, tests, etc. can all lower entropy.
Tons of people called for common sense regulation/guardrails years ago and were shouted down as "luddites obstructing progress." It's funny to see this discussion coming back around.
True, but it doesn't scale. No amount of YOLO will let anyone else repeat that feat.
That's how you end up like Germany still using cash and fax machines for 60+ years.
Of interest, today in Australian media:
Why cash has made an unexpected comeback in Australia: new study - https://theconversation.com/why-cash-has-made-an-unexpected-...
which includes figures that show while only 8% of Australian transactions are cash (by some metric, see article) 33% (a third) of the population fully supports keeping cash on.
In Germany in many places you can only pay with cash.
But the point is, OpenClaw is just the first that lucked and got viral. If not for it, something equivalent would. Much like LangChain in the early LLM days.
You think so? OpenClaw certainly owned the hype cycle for a while. There was a thread on HN last week where someone asked who was actually using it, and the comments were overwhelmingly "tried it, it was janky and I didn't have a good use case for it, so I turned it off." With a handful of people who seemed to have committed to it and had compelling use cases. Obviously anecdotal, but that has been the trend I've seen on conversations around it lately.
Also, the fact that the most starred repo on GitHub in a matter of a few months raises a few questions for me about what is actually driving that hype cycle. Seems hard to believe that is strictly organic.
I was shocked when I saw the guy behind libgdx was also behind pi.dev. Random tech worlds colliding.
But because OpenClaw can just use a web browser like a normal user, you don't need all these APIs and there's no theoretical limitations on the services that can be integrated and automated.
Right now there's a lot of issues/bugs. People have more trust in a deterministic solution like Zapier. But maybe the LLMs and OpenClaw will get there eventually, and if it does, I can see how that's a better solution than a deterministic system.
Which has of course always been the true allure of AI. Do nothing and pretend you did something, when pretending is something you can be bothered to do.
https://en.wikipedia.org/wiki/Worse_is_better
This is why we can’t have nice things
Memory isolation is enforced by the MMU. This is not software.
Maybe you were confused with Linux, which came later, and landed in a soft x32 bed with CPU rings and Page Tables/VirtualMemory. ("Protected Mode", named for that reason...)
That being said, OpenClaw is criminally bad, but as such, fits well in our current AI/LLM ecosystem.
Those arrived with the 386 (286? Don't remember but 386 for sure) and DOS was well alive late into the 386 and even late in the 486 days.
> For UNIX on the same machines, they also had no such protections.
I was already running Linux on my 486 before Windows 95 arrived. Linux and DOS. One had those protections, the other didn't.
With the 386, you could run multiple virtualized Real Mode CPUs, which enabled OS/2 2.x to preemptively multitask DOS sessions. Windows 3.x on a 386 or higher could also multitask DOS sessions, just much less reliably.
Simply put there was no putting said protections in to DOS for a few reasons. Backwards compatibility being a huge one. That and memory in most computers was tiny, getting Linux running on most of them would have been difficult.
win 3.1 had protected mode. but windows 95 which was dos based did not. 98 i think got protected mode? not 100% sure on that. i know in windows 2000 it was still horrible broken...
Sad? That was the best part of DOS. Some of my fondest computing memories was on DOS - warts and all. Being able to live hexedit your drive and memory to cheat in games, the sheer freedom you got from hacking around the OS is incompatible to modern operating systems - even Linux.
You were in full control of your computer and you decided how it could be used, not some mega corporation or compliance agency.
DOS wasn't sad, it was fun.
There's no megacorp stopping you from reading and writing kernel memory. Unless, of course, the computer refuses to run software not signed by the megacorp or some software refuses to run without a digitally signed chain all the way down to the firmware like some game anticheats do.
But that's not really because of things like permission boundaries for processes. You can have those and still be in full control of those boundaries. It may be more convoluted than in a barebones system like DOS, of course.
Problem is, I was just learning and the mac was running System 7. Which, like MS-DOS, lacked memory protection.
So, one backwards test at the end of your loop and you could -- quite easily -- just overwrite system memory with whatever bytes you like.
I must have hard-locked that computer half a dozen times. Power cycle. Wait for it to slowly reboot off the external 20MB SCSI HDD.
Eventually I took to just printing out the code and tracing through it instead of bothering to run it. Once I could get through the code without any obvious mistakes I'd hazard a "real" execution.
To this day, automatic memory management still feels a little luxurious.
But my main takeaway is that from the security standpoint this is a ticking bomb. Even under Docker, for these things to be useful there is no going around giving it credentials and permissions that are stored in your computer where they can be accessed by the agent. So, for the time being, I see Telegram, my computer, the LLM router (OpenRouter) and the LLM server as potential attack/exfiltration surfaces. Add to that uncontrolled skills/agents from unknown origins. And to top it off, don't forget that the agent itself can malfunction and, say, remove all your email inboxes by mistake.
Fascinating technology but lacking maturity. One can clearly see why OpenAI hired Clawdbot's creator. The company that manages to build an enterprise-ready platform around this wins the game.
Hype, mainly buying Hype before their IPO. The project is open source and the thinking behind it is not difficult, if they truly wanted they could have done it a long time ago or even without the guy. It was a pure hype 'acquisition' of a project that become popular for amateur programmers that got into it through vibe-coding and are unaware of the consequences and security exposure they subject themselves at.
This is so clearly the next step from Siri to Alexa to {Openclaw like technology}, that is an interface to technology that loads of people find value in everyday, and loads of people complain doesn’t have enough capabilities.
[1] https://fly.io/blog/tokenized-tokens/
[2] https://blog.exe.dev/http-proxy-secrets
Using my Mac or Windows PC, it's very rare that I actually want an app to access files on its own that it didn't create. Like if I write a doc in Word, I'm only going to edit it in Word. I might want to email a copy to someone, but that doesn't mean Mail needs RW access to the original. I might copy a video clip into editing software, but again it doesn't need to touch the original. Programs often need their own dirs for caches, settings, etc, and those don't even need to be read by other programs. It's also annoying how they can write anywhere in ~/ and end up scattering stuff in random places. The iPhone sandboxing system works great for all that, where apps have to explicitly share to others. The Mac file access rules tried to address this but still seem like Swiss cheese while also getting in the way of normal usage, and there's seemingly nothing in Windows or Linux (unless you're going out of your way with jails).
Other APIs besides file are a bigger challenge. That was gated away from the start on iPhones but not on desktop OSes. If they don't find a solution, web and mobile apps are going to keep taking over.
Separately, idk if anyone is only installing from the Mac App Store. You can't even get Chrome that way. It's also just bad, like it bothers you about login, then apps get stuck in half-downloaded state.
But yeah if anyone can pull this off, it'd be Apple, seeing how frequently they'll break apps by requiring new APIs.
I had to look to see what's even in my phone's Files app... looks like WhatsApp saved its received photos in there and I accidentally downloaded a couple of files in Safari. Except I didn't give WhatsApp permission, so idk what the rules are with that.
That alone is a reason to start over with a from-scratch mes desktop OS implementation
Microsoft and Apple both have more than enough money to do it. It would be a ~10 year project. It would not make money which is why it’ll never be done.
Is there something specific that you want that cannot be implemented reasonably on existing systems?
Unless you have a specific compelling benefit that only a rewrite can grant, focused narrow rewrites are the way.
I think this depends on your definition of an app. When I write a text file in vim, I definitely want grep and sed and awk to have access to it. When I edit a source code document with VSCode, I want Python to be able to read and interpret it. To me, the core of computing is documents that are passed along from app to app, gaining value at each step.
It is the worst of both worlds.
I especially love how flatpak has its own version of graphics drivers, which results in my browser flatpak updating to a version that has a mismatch between my system drivers, flatpak, and the browser.
Too many bloody layers of abstraction.
Linux has flatpak
It's like your actual asssitant. Now, most of this can be done inside ChatGPT/Claude/Codex now. Their only remaining problem for certain agentic things is being able to run those remotely. You can set up Telegram with Claude Code but it's somehow even more complicated than OpenClaw.
Convenience is a technical advantage. That's why streaming later beat Blu-ray despite a regression in picture quality.
I remember watching something on Betamax, possibly Star Wars but have no recollection of changing tape. My dad was a teacher and had access to a VT player on my birthday. On other occasions he would bring home a BBC Microcomputer. Quite a treat when we couldn't afford to buy our own TV even.
Edit, seems Empire Strikes Back was a single tape - https://ebay.us/m/Ypz8SW
Originally, Betamax increased physical tape length, but cutting tape speed (like how vinyls can play at different RPMs) was a more economical way of cramming more hours onto the same tape by cutting quality.
Both VHS and Betamax went through multiple phases of this. Eventually VHS won by being cheaper.
https://mrbetamax.com/BetaSpeeds.htm
But this wasn't Sony's strength and VHS was consistently cheaper for longer movies.
That conceded a big chunk of early adopters to VHS.
The counterexamples that convinced me were Grok and Steam VR aren't taking significant marketshare from ChatGPT and Oculus despite having better support for adult content.
Originally, I thought this would kill Oculus given that's the most popular use of VR, but nope.
Videotape solved the "can't watch film porn at home" problem. Online payments and delivery solved the "need to risk going to the store to buy porn" problem.
What does VR porn solve over just watching standard porn on your monitor/TV?
And because of the resolution limitations, aren't VR headsets actually worse for watching porn than modern 4K monitors?
Ironically, AI is solving this better than VR did. Many people are in relationships with AI girlfriends. Not many are in relationships with VR waifus.
If your old Lenovo has vPro/Intel AMT - then you already are running Minix.
Remember that DOS is single process, it is not as if you could run a service just like that. You could mess with interrupt handlers, but you had to do the scheduling yourself, and make sure your code is small, because shockingly, 640k may not be enough for everyone.
MS-DOS simply wasn't a good choice for networking, and not just because of the lack of security. In fact, it could turn out to be more secure than modern systems because of the limited attack surface. No crazy framework stacks here, just your code and the network card.
I am not interested in the "claw" workflow, but if I can use it for a safer "code" environment it is a win for me.
When people vibe-code, usually the goal is to do something.
When I hear people using OpenClaw, usually the goal seems to be… using OpenClaw. At a cost of a Mac Mini, safety (deleting emails or so), and security (litelmm attack).
It wasn’t (only) that, though; they also learned, so that, when people could afford to buy computers that were really useful, there were people who could write useful programs, administer them, etc.
Same thing with 3D printers a decade or so ago. What did people use them for? Mostly tinkering with hard- and software for days to finally get them to print some teapot or rabbit they didn’t need or another 3D printer.
This _may_ be similar, with OpenClaw-like setups eventually getting really useful and safe enough for mere mortals.
But yes, the risks are way larger than in those cases.
Also, I think there are safer ways to gain the necessary expertise.
My Dad used PC-Scheme a lot, working on his side projects.
Of course, also games.
- organize follow-up reminders for business calls. Automate a modem-based upload.
- crunch investment options in commodities. Not in an econometric way, but a table listing which analyst said what and which analyst was silent. Automate a modem-based upload.
So, with regard to the article, we can presume the author did claw-like things with DOS. As he aged, now he probably needs to organize many trips to doctors and specialists. Who is doing all that administration for your older folks?
From what I understand, the main appeal isn't the end result, but building that AI personal assistant as a hobby is the appeal.
1. Something like OpenClaw will change the world.
2. OpenClaw is not yet ready.
The heart of OpenClaw (and the promise) is the autonomy. We can already do a lot with the paid harnesses offered by OpenAI and Anthropic, so the secret sauce here is agents doing stuff for us without us having to babysit them or even ask them.
The problem is that OpenClaw does this is an extreme rudimentary way: with "heartbeats." These are basically cron jobs which execute every five minutes. The cron job executes a list of tasks, which in turn execute other tasks. The architecture is extremely inefficient, heavy in LLM compute, and prone to failure. I could enumerate the thousand ways it can and will fail but it's not important. So the autonomy part of the autonomous assistant works very badly. Many people end up with a series of prescriptive cron jobs and mistakenly call that OpenClaw.
Compounding this is memory. It is extremely primitive. Unfortunately even the most advanced RAG solutions out there are poor. LLMs are powerful due to the calculated weights between parametric knowledge. Referring to non-parametric knowledge is incredibly inefficient. The difference between a wheelchair and a rocket ship. This compounds over time. Each time OpenClaw needs to "think" about anything, it preloads a huge amount of "memories" into the query. Everything from your personal details to architecture to the specific task. Something as simple as "what time is it" can chew through tens of thousands of tokens. Now consider what happens over time as the agent learns more and more about you. Does that all get included in every single query? It eventually fails under its own weight.
There is no elegant solution to this. You can "compress" previous knowledge but this is very lossy and the LLMs do a terrible job of intelligently retaining the right stuff. RAG solutions are testing intelligent routing. One method is an agentic memory feedback loop to seek out knowledge which might exist. The problem is this is circular and mathematically impossible. Does the LLM always attempt to search every memory file in the hope that one of the .md files contains something useful? This is hopelessly slow. Does it try to infer based on weekly/monthly summaries? This has proven extremely error-prone.
At this point I think this will be first solved by OpenAI and/or Anthropic. They'll create a clean vectorised memory solution (likely a light LLM which can train itself in the background on a schedule) and a sustainable heartbeat cadence packaged into their existing apps. Anthropic is clearly taking cues from OpenClaw right now. In a couple of years we might have a competent open source agent solution. By then we might also have decent local LLMs to give us some privacy, because sending all my most intimate info to OpenAI doesn't feel great.
Heartbeat cron and naive memory are the right thread to pull. Agree.
The problem is the data/trust boundary. One agent process, one credential store, all channels sharing both. Whenever we scale the memory up, which we all want to do, we scale the disaster radius of every prompt injection with it.
Wirken accounted for this in the first design step. Per-channel process isolation. Handshakes between adapters and the core. Compile-time type constraints so a Discord adapter cannot construct a Telegram session handle. Encrypted credential vault. Hash-chained audit log of every action. All, remaining model-agnostic, so local models and confidential-compute providers are drop-in.
Your memory point is still unsolved at this layer. When memory does get solved, you want the solver running where it cannot leak the wrong credentials to the wrong channel. Otherwise the smarter it gets, the worse the breach.
Agentic coding has all of the same issues and it gets solved much the same way: give LLMs tool calls to file persistent memories by topic, list what topics are available (possibly with multiple levels of subtopics in turn) and retrieve them into the context when relevant. Not too different from what humans do with zettelkasten and the like.
Then about $120 in API credits from Anthropic, xAI, openrouter, openAI, and Gemini ( $25 here and there adds up).
Best bang for my buck has been with xAI grok-4.20-beta
The thread's linked article is about comparing MS-DOS' security, but the comparison works on another level as well: I remember MS-DOS. When the very idea of the home/office computer was new. When regular people learned how to use these computers.
All this pretension that computers are "hard to use", that LLMs are making the impossible possible, it's all ahistoric nonsense. "It would've taken me months!" no, you would've just had to spend a day or two learning the basics of python.
It's a simple idea, but as a self-taught dev I still remember how foreign these tools first felt.
That’s why there isn’t a coherent use story because like glue the answer is whatever the user needs to glue/get done
I have it hooked up to my smart home stuff, like my speaker and smart lights and TV, and I've given it various skills to talk to those things.
I can message it "Play my X playlist" or "Give me the gorillaz song I was listening to yesterday"
I can also message it "Download Titanic to my jellyfin server and queue it up", and it'll go straight to the pirate bay.
It having a browser and the ability to run cli tools, and also understand English well enough to know that "Give me some Beatles" means to use its audio skill, means it's a vastly better alexa
It only costs me like $180 a month in API credits (now that they banned using the max plan), so seems okay still.
I have a hard time imagining how much better Alexa would have to be for me to spend $180/month on it...
OpenClaw is not a CC-only product. You can configure it to use any API endpoint.
Paying $180/month to Anthropic is a personal choice, not a requirement to use OpenClaw.
In other words, assuming no price increase, 7 years of that pricing is $15k. Is there hardware I could buy for $7k or less that would be able to replace those API calls or alternativr subs entirely?
I've personally been trying to determine if I should buy a new GC on my aging desktop(s), since their graphic cards can't really handle LLMs)
But if you don't need frontier coding abilities, there are several nice models that you can run on a video card with 24GB to 32GB of VRAM. (So a 5090 or a used 3090.) Try Gemma4 and Qwen3.5 with 4-bit quantization from Unsloth, and look at models in the 20B to 35B range. You can try before you buy if you drop $20 on OpenRouter. I have a setup like this that I built for $2500 last year, before things got expensive, and it's a nice little "home lab."
If you want to go bigger than this, you're looking at an RTX 6000 card, or a Mac Studio with 128GB to 512GB of RAM. These are outside your budget. Or you could look at a Mac Minis, DGX Spark or Strix Halo. These let you bigger models much slower, mostly.
5090 is pretty expensive (~$4000) to justify it over a $10-50 sub. I guess the nice thing is the api side becomes "included", if I ever want to go that route. But if I have a GHCP $40 sub vs a $4000 GC to match it, just on hardware, pay off is at 8 years. If I add in electricity, pay off is probably never.
Sure, the sub can go up in price, but the value proposition for self-running doesn't seem to make sense - especially if I can't at least match Sonnet on GHCP or something like that.
I hope to self-run some not useless LLMs/Agents at some point, but I think this market needs to stabalize first. I just don't like waiting.
M3 ultra with 80GOu cores and 256GB of ram is $7500 - that’s right at the edge of the budget, but it fits.. if you can get an edu discount through a kid or friend you’re even better off!
Over 5 years, that works out to ~$45k vs ~$10k, and during that duration, it's possible better open models will come available making the GPU better, but it's far more likely that the VC-fueled companies advance quicker (since that's been the trend so far).
In other words, the local economics do not work out well at a personal scale at all unless you're _really_ maxing out the GPU at close to 50% literally 24/7, and you're okay accepting worse results.
As long as proprietary models advance as quickly as they are, I think it makes no sense to try and run em locally. You could buy an H100, and suddenly a new model that's too large to run on it could be the state of the art, and suddenly the resale value plummets and it's useless compared to using this new model via APIs or via buying a new $90k GPU with twice the memory or whatever.
Given the trends of the capitalist US government, which constantly cedes more and more power to the private sector, especially google and apple, I assume we'll end up with a state-run model infrastructure as soon as we replace the government with Google, at which point Gemini simply becomes state infrastructure.
That's not correct. If USPS makes more revenue than their expenses for a year, they can't pay it out as profits to anyone.
It's true that USPS is intended to be self-funded, covering it's costs through postage and services sold, and not tax revunue. That doesn't mean there's profit anywhere.
Pricing in the US postal system is not based on maximizing profit. Ths US postal system is not a for-profit system, at all. It is a delivery system (more or less) that happened to start turning a profit (2006) until PAEA. After that, the next time it made a profit was 2025.
That depends on the country in question :-)
$3,699.00
M4 Max 16c/40c, 128GB of RAM, 1TB SSD.
LM Studio is free and can act as a LLM server or as a chat interface, and it provides GUI management of your models and such. It's a nice easy and cheap setup.
Like, no one bats an eye at all the people paying $100/mo for Hulu + Live TV, or paying $350/mo for virtual pixels in candy crush / pokemon go / whatever, and I'm having at least that much fun in playing with openclaw.
If any of my friends admitted to spending $350/mo on candy crush i'd think that they'd badly need help for a gambling problem.
The things I want to use it for (like gathering weekly reports across a half dozen brokerage and bank accounts) are not things I'd trust it to do.
That means picking up and cleaning the house after 3 kids and a dog. Grocery shopping. Dishes. Laundry. Chores.
Tech crap? Nope.
The only "selection" complaint I regularly have had is the bananas are nearly always very unripe - like several days from being edible. But then I went to the store myself for several weeks and realized they just never have ripe bananas.
In other words, they're doing as well as I could do if I were shopping it myself.
Then you have a shopping list. You can do the shopping digitally now a days, but once it's delivered, now you have to organize it into the pantry existing stock, probably with a way to ensure older items are used first. This might involve separating out certain ingredients into smaller packaging and freezing some for later use.
That is all very manual, and I don't see how digitizing one part greatly simplifies it, especially if the digitization is error prone.
In a high enough income state, the answer is you hire a personal household chef or something like that. That isn't digitizing the problem- that is outsourcing it.
In The Netherlands you can get a live-in au-pair from the Philippines for less than that. She will happily play your Beatles song, download the Titanic movie for you, find your Gorillaz song and even cook and take care of your children.
It's horrible that we have such human exploitation in 2026, but it does put into perspective how much those credits are if you can get a real-life person doing those tasks for less.
Working abroad is a totally reasonable proposition compared to working in the Philippines.
A normal full time employee costs at least 2000€ a month (salary, tax, pension plan, health insurance, etc). If you are paying less than that you are definietly exploiting them.
A lot of people in the Silicon Valley area spend that much ($6/day) on coffee. What they don’t realize is how out of touch they are in thinking makes sense for the rest of the fucking world. $180/mo is about 5% of the median US per capita income. It’s not going to pick your kids up from school, do your taxes, fix your car, or do the dishes. It’s going to download movies and call restaurants and play music. It’s a hobby, high-touch leisure assistant that costs a lot of money.
The economics of these businesses are based way more on hope and hype than rational analysis and planning.
For comparison, a full time "virtual assistant" with fluent English from the Philippines costs upwards of $700/month nowadays.
What a horrible situation.
The number one goal of AI should be to eliminate human exploitation. We want robots mining the minerals we use for our phones, not children. We should strive to free all of humanity from dangerous labour and the need for such jobs to exist.
If Elon Musk wants Optimus robots to help colonize Mars shouldn’t he be trying to create robots that can mine cobalt or similar minerals from dangerous mines and such?
I have some bad news.
And you see nothing wrong with that?
Be judgemental all you want, but I feel like I'm paying for less friction, and also more security since my experiments also showed claude to be the least vulnerable to prompt injection attempts.
Hard to believe unless your are doing something much more complex than the things you listed
Not to be a narc or anything, but is OpenClaw liable to just perform illegal acts on your behalf just because it seemed like that's what you meant for it to do?
I think they do it mostly to feel young and edgy.
There's at least a couple of dozen instances right now, somewhere, getting very close to designing boutique chemical weapons.
People do this? Or is it some sort of joke way above my head?
In what bizarre world is it easier to ask a massive LLM to play a playlist rather than ... literally hitting the play key on it?
You could build up a legitimate collection for much less than $180/mo.
This is cheap replacement for ordinary people.
It's going to be big. But probably it's best to wait for Google and Apple to step up their assistants.
OTOH, this isn't an issue for "ordinary people". They go to work, school, children's sports events, etc. If they had an assistant for free, most of them would probably find it difficult to generate enough volume to establish the muscle memory of using them. In my own professional life, this occurred with junior lawyers and legal assistants--the juniors just never found them useful because they didn't need them even though they were available. Even the partners ended up consolidating around sharing a few of them for the same reason.
Down in this thread someone mentions it being an advanced Alexa, which seems apt. Yes, a party novelty but not useful enough to be top of mind in the every day work flow.
The tech has existed for a while but nobody sane wants to be the one who takes responsibility for shipping a version of this thing that's supposed to be actually solid.
Issues I saw with OpenClaw:
- reliability (mostly due to context mgmt), esp. memory, consistency. Probably solvable eventually
- costs, partly solvable with context mgmt, but the way people were using it was "run in the background and do work for me constantly" so it's basically maxing out your Claude sub (or paying hundreds a day), the economics don't work
- you basically had to use Claude to get decent results, hence the costs (this is better now and will improve with time)
- the "my AI agent runs in a sandboxed docker container but I gave it my Gmail password" situation... (The solution is don't do that, lol)
See also simonw's "lethal trifecta":
>private data, untrusted content, and external communication
https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
The trifecta (prompt injection) is sorta-kinda solved by the latest models from what I understood. (But maybe Pliny the liberator has a different opinion!)
The "gave it my Gmail password" problem has a better answer than "don't do that." Security kicks itself out of the room when it only says no. Reserve the no for the worst days. The rest of the time, ship a better way.
That's why I built the platform to make credential leaks hard. It takes more than a single prompt. The credential vault is encrypted. Typed secret wrappers prevent accidental logging and serialization. Per-channel process isolation means a compromise in one adapter does not hand an attacker live sessions in the others.
"Don't do that" fails even for users trying their hardest. Good engineering makes mistakes hard and the right answer easy. Architecture carries the weight so the user does not have to.
On the trifecta being "sorta-kinda solved" by newer models, no. Model mitigations are a layer, not a substitute. Prompt injection has the shape of a confused-deputy problem and the answer to confused deputies has always been capabilities and isolation, not asking the already confused deputy to try harder.
You want the injection to fail EVEN when the model does not catch it.
The one I see the most is brokers. Agent talks to a thing, thing has credential and does the task for the agent. Or proxies that magically inject tokens.
I think this only works for credentials though?
It doesn't solve the personal information part (e.g. your actual emails), right?
As for security, my solution was: keep it simple and limit blast radius.
Expect it to blow things up, and set things up so it doesn't matter when it happens.
I don't like docker so I just made a Linux user called agent. Agent can blow up all the files in its own homedir, and cannot read mine.
I felt really clever until I realized there's an even better solution: just give it a laptop (or Mac mini, or server, or whatever we're doing this week).
Same result but less pain in my ass. Switching users is annoying (and sharing files, and permission issues...). Also, worrying about which user I'm running stuff as... The thing just shouldn't be on my machine in the first place. It should have its own!
Functionally, its own Linux user or root on a $3 VPS are the same thing. It blows up the VPS, I just reset it.
For keys, I don't do anything fancy. It can leak all my keys. But if anyone steals them, they can exhaust my entire $5 prepaid balance ;) Blast radius limited.
But yeah, needs, tastes and preferences may differ.
The layer that addresses content-level flow is information-flow enforcement above identity. TriOnyx (https://github.com/tri-onyx/tri-onyx) looks at that exact problem: taint and sensitivity tracking, gateway kills on threshold breach.
It complements Wirken. You need identity before you can meaningfully ask what agent A has been exposed to.
On the agent-gets-its-own-machine approach, that is fine as a blast-radius strategy and I have no quarrel with it. It trades isolation between channels for isolation between the agent and the host. If you only have one channel and disposable keys, it works. It stops working as soon as the agent holds something you cannot cheaply rotate, which for most people ends up being their messaging identities.
So I guess that leaves the in-between people who don't care about spending $180 every month but don't have any personal staff yet or even access to concierge services.
OTOH a lower-middle-class Joe like me really does have a lot of mundane social/professional errands, which existing software has handled just fine for decades. I suppose on the margins AI might free up 5 minutes here or there around calendar invites / etc, but at the cost of rolling snake eyes and wasting 30 minutes cleaning up mistakes. Even if it never made mistakes, I just don't see the "personal assistant" use case really taking off. And it's not how people use LLMs recreationally.
Really not trying to say that LLM personal assistants are "useless" for most people. But I don't think they'll be "big," for the same reason that Siri and Alexa were overhyped. It's not from lack of capability; the vision is more ho-hum than tech folks seem to realize.
Existing software is what dumped most of those errands on you in the first place.
If you ignore the risks I don't see why it's hard to see value.
The AI can read all your email, that's useful. It can delete them to free up space after deciding they are useless. It can push to GitHub. The more of your private info and passwords you give it the more useful it becomes.
That's all great, until it isn't.
Putting firewalls in place is probably possible and obviously desirable but is a bit of a hassle and will probably reduce the usefulness to some degree, so people won't. We'll all collectively touch the stove and find out that it is hot.
I built a fastmail CLI tool for my *claw and it can only read mails, that's it. I might give it the ability to archive and label later on, with a separate log of actions so I can undo any operation it did easily.
It's pretty decent at going "hey, there's a sale on $thing at $store", for mails, but that's about it.
You can ask it questions like “what classes does my gym offer between 6-8pm today” and just get a good answer instead of wasting time finding their schedule. You can tell it to check your favorite band’s website everyday to see if they announce any shows in your city. You can tell it to read your emails and automatically add important information to your calendar.
This isn’t the space where I get the most value from AI, but it’s nice to have a hyper connected agent that can quickly take care of more smaller and more personal tasks.
It of course depends heavily on your work, but my work is 50% communication / overseeing, and I simply lose track of everything.
I don’t give it any credentials of any sort, but I run data pipelines on an hourly basis that ingest into the agent’s workspace.
Edit: Yes it’s still there https://support.mozilla.org/en-US/kb/thunderbird-and-junk-sp...
I believe that the shift from "my one computer" to multiple clients (computer + phone + webmail) probably has something to do with it. Even with IMAP sharing state, you still don't have a great way to see and control the filtering, except by moving things in/out of spam folders.
Mostly (but of course, not exclusively), porn for the techies. Receiving a phone notification every time a PR is opened on a project of yours? Exciting or sad, depends on one's outlook on life.
---
IMHO, the biggest problem with OpenClaw and other AI agents is that the use-cases are still being discovered. We have deployed several hundred of these to customers and I think this challenge comes from the fact that AI agents are largely perceived as workflow automation tools so when it comes to business process they are seen as a replacement for more established frameworks.
They can automate but they are not reliable. I think of them as work and process augmentation tools but this is not how most customers think in my experience.
However, here are a several legit use-case that we use internally which I can freely discuss.
There is an experimental single-server dev infrastructure we are working on that is slightly flaky. We deployed a lightweight agent in go (single 6MB binary) that connects to our customer-facing API (we have our own agentic platform) where the real agent is sitting and can be reconfigured. The agent monitors the server for various health issues. These could be anything from stalled VMs, unexpected errors etc. It is firecracker VMs that we use in very particular way and we don't know yet the scope of the system. When such situations are detected the agent automatically corrects the problems. It keeps of log what it did in a reusable space (resource type that we have) under a folder called learnings. We use these files to correct the core issues when we have the type to work on the code.
We have an AI agent called Studio Bot. It exists in Slack. It wakes up multiple times during the day. It analyses our current marketing efforts and if it finds something useful, it creates the graphics and posts to be sent out to several of our social media channels. A member of staff reviews these suggestions. Most of the time they need to follow up with subsequent request to change things and finally push the changes to buffer. I also use the agent to generate branded cover images for linkedin, x and reddit articles in various aspect ratios. It is a very useful tool that produces graphics with our brand colours and aesthetics but it is not perfect.
We have a customer support agent that monitors how well we handle support request in zendesk. It does not automatically engage with customers. What it does is to supervise the backlog of support tickets and chase the team when we fall behind, which happens.
We have quite a few more scattered in various places. Some of them are even public.
In my mind, the trick is to think of AI agents as augmentation tools. In other words, instead of asking how can I take myself out of the equation, the better question is how can I improve the situation. Sometimes just providing more contextually relevant information is more than enough. Sometimes, you need a simple helper that own a certain part of the business.
I hope this helps.
This is why I won't use them for anything externally facing or with high or even moderate damage potential.
Which basically means they don't get used at all.
Idk, it's strange for me to think of it that way. It's tech. If it does something useful, that's cool.
Data protection is always a consideration. I just don't consider a LLM to be a special case or a person, the same way that I don't have strong feelings about "AI" being applied in google search since forever. I don't have special feelings or get embarrassed by the thought of a LLM touching my mails.
Right now for me, agentic coding is great. I have a hard time seeing a future where the benefits that we experience there will not be more broadly shared. Explorations in that direction is how we get there.
I don't know why they don't make an official integration for it. Probably cause they're already out of GPUs lol
https://code.claude.com/docs/en/channels
I haven't used OpenClaw since then ...
If you look around in the business world, there is an absurdly large number of people still doing all sorts of things manually that they probably shouldn't. And its costing them money. Even before AI that was true. But now it's increasingly becoming obvious to these people that there are solutions out there that might work. There's a fair amount of FOMO on that front with more clued in people that have heard of other people allegedly being a bit smarter than them.
From a practical experience point of view, most people probably don't have the hands-on experience to make a good judgment just yet. "I tried Chat GPT once and it hallucinated" doesn't really count as valid experience at this point and many non-technical people are still at that level. There generally are a lot of headless chickens making absurd claims (either way) about what these systems can and cannot do making sweeping statements about how possible or impossible things are.
If you take the time and sit down to automate a few things you'll find that: 1) the tools aren't great right now 2) there are lots of basic plumbing issues that get in the way 3) fixing those plumbing issues is not rocket science and something anyone with basic CLI or scripting skills can solve easily 4) you can actually outsource most of that stuff to coding agents. 5) if you figure some of the basics out, you can actually make OpenClaw or similar systems do things that are valuable. 6) Most people that aren't programmers won't get very far given the current state of tools. 7) this might change rapidly as better tools become available. 8) people generally lack the imagination to see how even basic solutions could work for them with these systems.
I have an OpenClaw up and running for our company. It is doing some basic things that are useful for us. After solving some basic plumbing issues, it's now a lot easier to make it do new things. It's not quite doing everything just yet (lots more plumbing issues to solve) and we have our healthy hesitations about letting it loose on our inboxes. But it's not useless or without value. Every plumbing issue we solve unlocks a few more use cases. There's a bit of a gold rush right now of course. And "picks and shovels" people like myself are probably going to do a brisk business.
You can wait it out or tap into the action now. That's your choice. But try making it an informed choice. And no better experience than the first-hand type.
Similarly, I have been using Hermes Agent also inside a container, and on a VPS with only access to a local directory in the VPS with a dozen active projects on GitHub. I don't give it access to my GitHub credentials, but allow it to work in whatever branch is checked out.
This setup is fabulously productive. I use it about every other day to perform some meaningful task for me. It is inexpensive also. A task might take 20 minutes and cost $0.25 in GLP-5.1 API costs.
So TLDR: out of the box, I use Hermes at least one hour a week and find it to be a wonderful tool.
But I am someone that, for example, dislikes home automation. Know that thing that you ask Alexa to open your curtains? I think that is cringe af.
Maybe there's an overlap with the crowd that likes that.
I remember circa 2015 all my nerdy colleagues were going wild with home automation stuff, and I felt like I wanted to play with it too at first. But then I started to observe that these guys weren't spending less time than me turning on their lights. They were spending way more time than me, in fact, tinkering with their thermostats and curtains. I'm perfectly happy hitting a light switch when I walk in the door.
I can't envision one of these Telegram bots reliably completing tasks for me. Maybe the closest one would be what I've seen in this thread. Downloading torrents and putting them in Jellyfin for me, but really, I don't hate curating my own media collection.
Yep. The IoT home automation stuff is still less performant than much older, wired solutions where whole systems were designed at once in a set-and-forget mode and didn't have weird sync issues or delays. I remember seeing the 'home of the future' exhibit at Epcot like 20+ years ago and these IoT setups are often still a total joke in comparison because of all the protocol issues and fiddling with various interfaces needed.
Just like how the analog wired POTS phone systems were more performant in many ways than pretty much any IP based voice setup.
I simply got tired of messing with stuff that kept breaking in unexpected ways. It wasn't saving time, it was adding a lot of totally unnecessary stress and actually taking time away from me-- for little more than an occasional spark of novelty. Being able to use voice accurately & repeatably for simple task requests is probably the only standout advancement.
My 'nerdy colleagues' and myself can get a lot of enjoyment out of tinkering with this new agentic hotness. However, very few of us I think are really getting something that's actually saving us time in the long run (at least in our personal lives), and it's going to take a while to figure out what's actually realistically reproducible toward that end at a reasonable cost.
IoT really comes into its own space though when you pair it up with something that is a real pain to get to. Think somewhere you have to have a crainlift and a 4 hour drive just to touch the 20 year old computer something is hooked up to. Or basically anywhere that takes hours to get to. The space my company typically targeted was high rise air con companies. Or companies where the customer would service out any sort of PLC work to a 3rd party. At that point the savings of having to roll a guy out there vs looking on a computer has the thing pay for itself in 1-2 trips. Also the ability to show up on site with the correct parts. That alone was a huge savings.
IoT's big issues is you have to beat many things that are already dead simple to do.
https://wiki.servarr.com/
I’m not generally interested in having it read my email or calendar. I have a digital calendar in the kitchen, and I rarely get important email. I do really enjoy being able to control my house by voice in natural language. I had it set all my lights to Easter colors a while back in a single instruction.
https://www.tri-onyx.com/
And if you remove either access to data or access to internet then you kill a good chunk of usefulness
Assume locally i know a read only agent (running on account A) is reading a specific file from user B. Assume it has access to a secret that user B cannot observe. By prompt injection, you can have the read only agent encode the secret as "read" pattern that user B can decode by looking at file access times.
(You can think of fetch requests and the likes for more involved cases)
So read only, while helpful, does not innately prevent communication with an attacker
"Interrupts", for example, are an old concept that is rarely talked about anymore until you get into low-level programming. At a high level, you don't even think about them, let alone talk about them.
If they're doing the same thing as the interrupts that the article is talking about, they are low-level.
If they aren't, then the comparison is by name only.
I have similar concerns and somehow think openclaw will not be remembered in 30 years time so the comparison does not land for me
I remember Apple introducing sandboxing for Mac apps, extending deadlines because no one was implementing it. AFAIK, many apps still don’t release apps there simply because of how limiting it is.
Ironically, the author suggests to install his software by curl’ing it and piping it straight into sh.
I'm reading that Swedish IT consultant's rant in the voice of Swedish Guy.
So yeah, perhaps it isn't fooling the author, but it doesn't matter for the other billions of people.
I too remember DOS. Data and code finely blended and perfectly mixed in the same universally accessible block of memory. Oh, wait… single context. nwm
By the 90s, when I was working on DOS/Windows software, I was inundated with resumes from engineers who had been laid off from those very same companies. And it wasn't until Windows XP in 2000 when most people moved away from DOS.
I feel like every twenty years or so, kids look at the current computing landscape and say, "That's too complicated! I'm not going to learn all that--I'm just going to invent my own thing." DOS was that in the 80s, the Web in 2000. Maybe OpenClaw is that for the 2020s. AI is certainly going to reinvent everything.
The DEC people were right about DOS: it was barely more than a toy. But we didn't abandon it and go back to the safety of VMS. Instead, we improved it until it had all the security and capabilities we needed.
I don't know if OpenClaw is going to win or not, but if you remember MS-DOS, you wouldn't count it out.
I'm writing a Blender plugin. I don't know what I did to offend MacOS but somewhere I changed something or touched a file and now MacOS refuses to open Blender until I go through an arcane ritual of telling the OS it's actually ok to use.
I don't like the lack of control in name of security or that you're having to be come ever-more an expert to actually use things you own. Security needs to be done carefully and intentionally not just blasted everywhere. What is being called security is very much more often control by the creators.
*Claw is more like windows 98. Everyone knows it is broken, nobody really cares. And you are almost certainly going to be cryptolocked (or worse) because of it. It isn't a matter of if, but when.
Well, that may be the first time it wasn't a mainframe. Plus this is for the lay-away project of the mid-'80's when IBM-compatible PC's already existed.
What most people don't realize is that before the IBM PC, Wal-Mart was way ahead of all other retailers with its POS, inventory, and logistics systems from all over the US tied into headquarters in Bentonville, Arkansas.
Using telephone modems of course like anybody else, but this is before they had any "superstores", and were still quite small, nor were they in any big cities. Yet.
But they were ready. Actually that was all Sam had ever been planning for since the beginning, but they had become quite successful enough already as the fastest growing chain of mainly rural "country stores".
A typical Wal-Mart was dwarfed by a K-Mart store, and a full-size Sears seemed like a super store by comparison. They had mainframes and POS too but Wal-Mart just took it to the next level. Ran circles around them digitally.
Really did scorch some earth with those kind of advantages when they came to the big cities, but after the PC came out I would say they regressed more toward the mean. The momentum still overwhelmed though.
Packages shipping as part of Linux distros are signed. Official Emacs packages (but not installed by the default Emacs install) are all signed too.
I thankfully see some projects released, outside of distros, that are signed by the author's private key. Some of these keys I have saved (and archived) since years.
I've got my own OCI containers automatically verifying signed hashes from known author's past public keys (i.e. I don't necessarily blindly trust a brand new signature key as I trust one I know the author has been using since 10 years).
Adding SHA hashes pinning to "curl into bash" is a first step but it's not sufficient.
Software shipped properly aren't just pinning hashes into shell scripts that are then served from pwned Vercel sites. Because the attacker can "pin" anything he wants on a pwned JavaScript site.
Proper software releases are signed. And they're not "signed" by the 'S' in HTTPS as in "That Vercel-compromised HTTPS site is safe because there's an 'S' in HTTPS".
Is it hard to understand that signing a hash (that you can then PIN) with a private key that's on an airgapped computer is harder to hack than an online server?
We see major hacks nearly daily know. The cluestick is hammering your head, constantly.
When shall the clue eventually hit the curl-basher?
Oh wait, I know, I know: "It's not convenient" and "Buuuuut HTTPS is just as safe as a 10 years old private key that has never left an airgapped computer".
Here, a fucking cluestick for the leftpad'ers:
https://wiki.debian.org/Keysigning
(btw Debian signs the hash of testing release with GPG keys that haven't changed in years and, yes, I do religiously verify them)