Adafruit probably did a review of AI PCB tools. I've used Flux.ai before; it was a pretty bad experience. After about 50-100$ in tokens a couple of times, I couldn't get more than a couple of simple components on the schematic. And not in sensible positions.

The product just grinds tokens for little return, in my opinion. I had far better luck wiring together KiCad MCP, SKIDL. There are some AI-driven autorouters out there now. Placement is probably the big issue that needs to be solved now. I could only get about 80% of what I wanted together with my hacky workflow.

This is exactly my experience, wasted $60 trying to get it to make something. The founder sent an automated AI email about setting up a time to meet and go through it then ghosted me at the meeting time.

> There are some AI-driven autorouters out there now. Placement is probably the big issue that needs to be solved now.

Interesting that within an IC this is basically "solved", or at least properly automated with classical numeric techniques such as simulated annealing.

I would have thought there's a big opportunity in a mixed-technique approach, where you use AI to extract unstructured data from datasheets and then feed it into more deterministic tools.

I also note that it's very easy to waste more than $100 in electronics once you start actually manufacturing bad PCBs.

> mixed-technique approach

I think my biggest annoyance with the way we rolled out AI is that nobody seemed to want to use it to augment already working solutions.

Just throw everything out and have an LLM do it instead.

I've been frustrated with Copilot in this regard.

I work on a large C++ codebase, with large files. Human developers jump around between files with the Visual Studio fuzzy search, set breakpoints to trace execution in the Debugger, use the IDE's refactoring tools.

Microsoft's answer to this was to just ... expose none of this to their Agent Mode!? Replace the working semantic autocomplete with fucking lies!?

Maybe it's changed, I haven't been paying that much attention after bouncing off of this. I've gotten mild acceleration from using gptel-mode in emacs, manually adding references to context, and having models do various mechanical transformations on code. And I've even had some limited success writing tools for it to do LSP lookups.

It frustrates me too, it really feels like the next breakthrough will be when someone gets agents working "natively" with LSP on large code-bases.

Anthropic added LSP support to claude-code, but the current implementation is worse than useless, because any changes aren't reflected fast enough, so it's constantly working on outdated views / compilation caches, and it gets in a right muddle between its "internal" state / understanding in context, the real-world file, and the LSP.

If it could just leverage LSP to apply refactorings it would be amazing, but it feels like the LSP can't keep up, and I don't know if that's an LSP problem or a claude problem.

So we binned the LSP plugin and we're back to watching a machine find/replace, because while waiting on that is slower than LSP, it's a "Action => Wait" which the tooling understands, while LSP is "Possibly Wait for LSP to catch up => Action" which it doesn't understand nearly as well.

I suspect the LSP plugins also need better skills that pair with them so it reaches for them more often.

It hurts my soul to see it reach for find/replace to rename a class, complete with mistakes made in complex solutions where you might have name clashes in different namespaces. Something the LSP handles without problem, but can trip up an LLM.

I wonder, is the problem here that LSP is updating too slow all the time? Or just that there’s a chance it will update very slow, and you never really know if you’ll hit that chance, so your model always has to do the “long time wait” just in case? It seems like it ought to be possible for LSP to report that it is still processing, in the latter case, somehow…

I work in Unity and I got frustrated with Claude constantly doing gross bash/grep/awk/sed/grep nested loops that took forever that I finally described (and had Claude implement and install) a tool that could, in a single pass, gather all this info from a Unity forest of scenes at once and answer all the questions Claude ever wanted to ask about a Unity project in a single pass that takes 50ms instead of 10 30 second iterations. It still took a lot of coaching to get it to actually use this tool, but it seems like I’ve convinced it.

if it helps, I've found that using context (Claude.md etc) is way less effective for this type of pattern compared to using PreToolHook to capture "bad patterns" and either transparently rewriting them to "do the right thing" if that is possible statically, or if not then rejecting the tool use with a message that tells the agent "how" to use the intended tooling itself.

tool_call is just a fancy wrapper to a black box that executes console commands. Said commands are now the actual backbone of all agentic AI, It feels like the linux people are incredibly vindicated in the single responsibility principle

Way too much engineering effort to make something that might get leapfrogged by the next gen LLM.

It's a tantalizing thing, but far too treacherous to actually go for it, most of the time.

I recently saw a Claude skill that used Claude, with no tools, as a spell checker.

I wanted to hurl my laptop out to the window.

Isn't this pretty much why language models were invented?

Pasting something directly into the chat interface seems weird, but if you could somehow just see where P(token | context) falls off a cliff, that's a pretty good hint that your writing has problem.

I swear that so many AI usecases I see are: "I did not have the skill or realize that you can write a program for this obvious logic".

I guess that works if you aren't a programmer or don't want to hire somebody, but then wtf would I pay for your service or product?

What would be a better way to incorporate AI as a spell checker?

In comparison to non-AI traditional tools, AI has the advantage of "understanding" the text, reducing the number of "stupid" mis-corrections. And its spelling correctness is usually already impeccable, so what is there to gain by interfacing it with traditional solutions, and how can it be achieved?

AI can’t really spell check without risking changing the meaning of sentences. Spell checking was a solved problem before this.

Spellchecking is absolutely not a solved problem. I immediately disable spellchecking on every avenue it tries to approach because managing a bunch of dictionaries on every browser/device/application that has its own spellchecker for some godforsaken reason to not have squigglies spammed over every piece of jargon, slang, and slightly atypical spelling is incredibly annoying. I don't know how effective LLMs are, but it's difficult to imagine they can be worse than the existing regime, which is embarrassingly bad for the decades it's been around.

An interesting idea I saw long ago in some book (I thought it was K&P's "Software Tools," or my second guess was K&R1, but neither of those panned out — a strong Mandela effect) was the clever idea of a whole-document spellchecker that works purely probabilistically, by histograms: you feed it a document, it tallies the trigraphs, and any trigraph that appears only rarely is flagged as a likely typo. This approach lets through unknown-but-realistic words like "antithematory" while flagging unrealistic words like "prisencolinensinainciusol" (because of its unlikely "ciu" and "ius" clusters) and "antthemaory" (because of "ntt" and "aor").

To make this approach work better, feed it a bunch of English text (or whatever language your document is in) before the document you really want to "spellcheck."

Essentially this isn't a spell "checker" so much as a spell "linter" — it looks for antipatterns statistically associated with bugs, and reports the patterns for further investigation.

If anyone knows where this trigraph-based "spellchecker" was first presented, I'd love to find out again.

That's uhh...a language model?

Human copy editors are less than perfect too. I hired one copy editor who I could not trust to be the last person who touched a document before it went out.

I had a friend who wrote an article for the New York Times: the article made a lot of sense before she submitted it, but it was edited for length and style and it definitely read like a New York Times piece but didn't completely make sense.

Only if the problem is declared to be whatever it is that spell checkers solve. As the classic joke goes, "Me spell chucker work grate. Need grandma chicken."

>Only if the problem is declared to be whatever it is that spell checkers solve.

The problem being misspelling, hence, "spell checker". Like, this seems pretty straightforward? Grammar checking if you cannot use the language properly is a pretty different problem space, and indeed has long existed and is exposed as a separate thing. And not just in fancy word processors either, if you go to something as simple as macOS TextEdit you'll see separate check boxes for "Check spelling as you type" vs "Check grammar with spelling". If someone wants to try out using LLMs for grammar no problem, but spell checking is purely about the mechanical and, importantly, deterministic aspect of typos or outright non-words.

>As the classic joke goes, "Me spell chucker work grate. Need grandma chicken."

There is a genuine touch of irony/meta in you using that here in this context. That sentence has no misspelled words, and importantly gets across the exact humorous meaning the human who wrote it intended. The joke literally only works because a human was able to make creative use of language. If you had an LLM agent posting for you to HN and it automatically changed that to:

>As the classic joke goes, "My spellchecker works great but could use some grammar checking."

Well, where would the joke be now!? This goes to the exact concern people have with powerful non-deterministic meaning-changing tools replacing deterministic meaning-preserving ones.

I just fed this entire thread (excluding your comment pointing out the joke, and the text mentioning that it was a joke) to an LLM, and it did better than the dictionary spellchecker: corrected one real error, left my "squigglies" alone which was attacked by squigglies with the old-hat spellchecker, and specifically noted, without any prompting in that direction, that it left the joke spelling unchanged. It did not rewrite any sentences. I'm all for determinism where deterministic tools work, but the current implementations are so bad I can't blame people for turning to a non-deterministic program if it's still better on average.

It's not clear whether using "grate" instead of "great" is a grammar mistake or a spelling mistake. I'd argue it's a spelling mistake. The intent was not "my spell checker works a frame of metal bars," it was "my spell checker works well." It just so happens that the misspelled word matches a different word.

An example of a sentence like this with correct spelling but bad grammar would be "my spell checker works good." All of the words are what they're meant to be, but the last word is not the correct part of speech.=

But because computers are good at detecting "this doesn't match any known word" and bad at detecting "this matches a word but isn't the word you meant to use here," we've redefined "spell checking" to mean "find words that don't match any known word."

Your point about the joke is not correct. If I put my comment into ChatGPT and ask for a grammar check, it recognizes that it's a joke with deliberately bad grammar and suggests leaving it alone. If I put my comment into a grammar checker, it flags multiple errors in the joke. And "deterministic meaning-preserving ones"? Traditional spell/grammar checkers may be deterministic, but at no point have they ever been guaranteed to preserve meaning, or even been particularly good at it.

AI certainly is the shiny new hammer, and it is tempting to see the world as nails.

Traditional methods might not be perfect, but they also easily fit in the memory of even low power devices. Perhaps it isn't a problem worth burning a dollar of tokens for every spelling mistake.

The fact that it produces correctly spelled words says nothing about it’s ability to find spelling mistakes or to correct them without errors like completely changing the word.

You mean errors like misusing "it's" when the right word is "its?"

> What would be a better way to incorporate AI as a spell checker?

Don't do a stupid thing like that in the first place.

> In comparison to non-AI traditional tools, AI has the advantage of "understanding" the text, reducing the number of "stupid" mis-corrections.

I doubt it, but if that's true, run a normal spell checker, and then give the output to your LLM to filter.

> what is there to gain by interfacing it with traditional solutions,

About a billionfold improvement in compute efficiency, and a lower error rate.

> and how can it be achieved?

10 seconds of actual thought.

Something something bitter lesson blah blah

I think the bitter lesson is severely misapplied in the current situation: If progress from "just add more resources" is very slow, and a huge amount of money is at stake, continous work on hand-engineering can give a continuous and very valuable competitive advantage.

The labs all seem to be going for AGI through bigger LLMs, and I am reasonably sure that it's not going to happen like that.

> The labs all seem to be going for AGI through bigger LLMs

I don't know if this is still the case. Labs like anthropic and openai are spending a huge amount of their time on custom model wrappers. Something which they used to leave to their customers.

A few days ago someone on HN commented that a teammate uses Claude to search for text in files on their own computer. Buddy... There's Command-line Tools Can Be 235x Faster Than Your Hadoop Cluster and then there's Command-line Tools Can Be ∞ Faster Than Your AI.

As snark, I've been using the phrase "ask GPT about it" for things that clearly do not need an LLM to be involved. The other day, I was on a zoom call and said it, only to see the present actually doing it. I hope my unmuted laugh wasn't too distracting.

> nobody [wants to use AI] to augment already working solutions

Plenty of people do, but that only produces a blog post that will get you to the front page of HN. If you want VCs to drop $40M on your head, you need to pretend to reinvent the world.

Then, to further appease the rain gods, you need to sue the bloggers on the front page of HN who are challenging your world-changing narrative. Which will, heh, drop you on the front page of HN.

Our community is, literally, eating itself at this point. There was a time when we actually took "make something people want" literally. Now it's just part of the fiction.

That precise mixed technique approach has worked well for me. I’ve been using JITX (python based circuit design with a powerful auto router). Free for personal use, and has been discussed a few times here in HN.

Edit: it’s almost assumed at this point but for completeness Claude / Codex were the ones driving the OO python code and datasheet research and parsing.

https://www.jitx.com/

Until a few years ago it was generally understood that useful "creativity" involves solving problems within constraints, e.g. something a lot like SAT or SMT in spirit even if not in the details.

Then we got LLMs which will make a good parody of anything and occasionally get it right.

Within an IC you don't have large obstructions for metal layers, distances are short, and buffers can be inserted at will to manage SI.

It has been about 20 years since I worked on this (clock gating and clock buffering), but ..

> distances are short

I remember we had a catastrophic error for "wire longer than 2cm".

> and buffers can be inserted at will to manage SI.

Effective buffering of large nets was a massive pain. Areas where you want to buffer are inevitably areas with a very high level of placement congestion. So you push some cells out of the way to add a buffer. That ends up worsening their timing. So they need a bit more sizing/buffering. Rinse and repeat for a few hours.

( https://web.archive.org/web/20071028033035/http://www.edn.co... ; long since absorbed into Cadence)

It is far from solved in IC, synthesis tools sometimes still do really stupid things and there's still quite a lot of hand-holding required to get to a working chip.

And LLM are even stupider and need even more hand-holding

The right use of AI would be to use it to create a better routing/synthesis tool, but that's not what is being worked on

> After about 50-100$ in tokens a couple of times, I couldn't get more than a couple of simple components on the schematic.

Is this common? When I try out new AI tools, even as person who is financially independent, I load up maybe 10-20 USD worth of tokens, and if I don't get anything working from that, I literally give up and don't continue trying. If it can't do anything useful like "place a simple component on the schematic" after ~10 USD of expenditure, is it really worth continue adding more money into the platform? Seems DOA in those cases.

I used company money on it. I was hoping I could massage it along enough to get a workable test fixture out of it. I wanted to put together a simple hardware-in-the-loop tester for a component of our product.

Someone should’ve told these guys: https://news.ycombinator.com/item?id=48337328

I tried this last week and had the same experience. It was terrible and they got $140 out of me before I realized what it was (not) capable of. Their support was nonexistent as well.

All of these Gen AI tools where you pay a subscription fee are basically Software-as-a-Casino. You spin the wheel and hope it doesn't come up 00, then chase good money after bad when it does. Add in the parasocial relationship that some people develop with the LLM and you basically have OnlyFans but instead of vaguely dissatisfying feet pics to order it's vaguely dissatisfying code to order. It's that edge of "almost there, just one more token, bro" that makes it addictive.

That might be the right analogy except it is not clear that it is a house always wins situation.

If you have a .6 chance of success on any particular outcome. Long term win or loss is down to your behaviour. If you double or nothing every time loss is guaranteed. The right strategy will win over the long term.

Gambling addicts make all kinds of post-hoc rationalizations for why they are actually up, if you think about it. "Well, if you consider my entertainment, I'm actually up." "Well, if you think of all the drinks I got comped, I'm actually up." Even worse are the ones who talk about runs, "I was up $10,000 at one point." Nevermind they gave it all back and another $20k chasing that first $10k. At the end of the day, if they had just gone to the movies instead, they'd have more money on their pocket.

Same with most people "doing a startup" or "opening a restaurant". There will be arguments all day long about how these affairs are technically possible and quite lucrative if everything goes according to plan. But the reality is that vanishly few people are equipped to identify and stick to the right plan. Reality meeting theory.

I've told my developers they can use agentic coding if they want, but they must never mention it in the course of development. Not because I don't want to know, but because it's not going to change my evaluation of "their" work. If they can use the AI and get to a point that they can submit a PR that they themselves understand, then technically speaking, what do I care? But if it breaks the build or does something stupid and they don't understand it, it's going to be a bad day for them, whether they wrote it themselves or copied it out of StackOverflow or had Gemini do it.

Nobody has taken me up on this offer, because I think they know that they aren't going to have the extreme discipline to do the hard thing of understanding "someone" else's code and sign their name to it.

> If they can use the AI and get to a point that they can submit a PR that they themselves understand, then technically speaking, what do I care?

This is where my employer has ended up after extremely cautious AI adoption: _must_ be reviewed by a human, and the human whose name is on the gerrit review is responsible for the quality of the work.

For some reason the OpenAI dashboard shows me how much money the company as a whole has spent? It's still a very reasonable-looking amount of money and a tiny fraction of salaries.

That doesn’t seem “extremely cautious,” it seems… exactly the right amount of cautious. “A computer can never be held accountable” and all that.

I am actually up all the drinks I got comped in Vegas. I sit down at the penny slots and bet one penny one row until I get offered a free drink. I tip the server $3, bet two more pennies for good measure, get up, and walk out with the drink in my hand. I just got like a $3.10 Manhattan for walking around the strip, including tip, courtesy of some business that was low-key trying to scam me and deserves to have less money than they do.

The casino runs the probabilies on the customers too. You get the Manhattan because it, on average, gives them a return.

They probably aren't making a loss on the $3.10 Manhatten either.

I not sure what crap casino you're going to, but there are no penny slots in Vegas.

https://www.casino.org/news/vegas-myths-re-busted-the-end-of...

If they cannot mention it how do you know that they have not taken up the offer?

I agree that people will rationalise being in a losing situation as a winning situation. That does not change the fact that winning situations can exist.

They can't talk about it during the code review. Basically, "no excuses." We talk about what we're doing otherwise.

That's still gambling, you've just made yourself the house.

Developers have to gamble on whether they will be better with AI or without.

The no excuses criteria means if they choose AI and it performs well, you both win, if it performs poorly they lose.

If they don't choose AI but colleagues do and it performs well, they lose relative to their colleagues.

The sensible solution would be solidarity and all reject the offer. Don't play the house.

> I could only get about 80% of what I wanted together with my hacky workflow.

I literally did this yesterday with solid results using Codex CLI. I used xhigh thinking and gpt 5.5.

I had it use KiCad directly via cli rather than via MCP, and I did make Claude Opus review it's work after every round. I got what I think will be a working revision A in about 10 hours of tinkering spread over a few days.

Is 10 hours a short amount of time for designing a PCB?

Faster than some, slower than some.

PCBs come in all different levels of complexity.

> Placement is probably the big issue that needs to be solved now.

Would some sort of constraint-solving algorithm help with that? Something like (but not necessarily) Cassowary[0]? Maybe I'm misunderstanding what is meant by placement though; I don't have much domain knowledge in PCBs / electronics.

[0]: https://news.ycombinator.com/item?id=43362528

I've written my own autoplacer/autorouter. Placement is where you put the components on the board, routing is how you shape the traces to interconnect them.

It does a pretty decent job on small hobby-project boards of ~40 components (which is my use case at the moment), and I'm working part-time in the background on scaling it further.

The resulting designs pass all the KiCad electrical and geometry checks. Granted, I've spent about a year working on this problem, and it's hard, but not that hard a problem, providing you can avoid falling off the exponential cliff by decomposing it into hierarchical subproblems.

Quick-and-dirty unsupervised whole-board synthesis from schematic takes about 5 minutes, longer if you want cleaner output with nicer-looking better-routed traces.

As others here have said, placing is the real problem to solve, and that's where the magic happens. Place the components right, and routing is a relatively easy loosely-coupled constraint programming problem, place them wrongly, and you will have to get used to seeing the word UNFEASIBLE in your log output.

This project sounds very cool. Is it open source? If yes, can you share a link to the repo?

As an electrical engineer who has tried to use it multiple times, I think Flux is an absolutely awful product. No surprise at all that they want to sweep details about their “intellectual property, commercial traction and user base” under the rug.

Yeah this stuff isn't even realistic as well.

A number of years ago I was working on something professionally and there was a problem. Only about 1 in 5 boards assembled wouldn't crash the CPU. After much debugging it turned out one of the ICs had an open collector output and it wasn't loaded correctly with a pull up resistor. This caused a cascading failure, held the bus up when initialising the hardware which hit the WDT and reset the CPU over and over again.

If you aren't there designing the thing in the first place, you never read the datasheets, never drew the schematic, never placed the components and thus don't know where to look when something goes wrong. And it does go wrong. And then you're in deep shit.

I worry about people who think they can get a product out of the door with this stuff but can't.

Everything you said is exactly the proper argument against vibe coding.

If you can’t or don’t entirely go over the output, the failure mode is invisible.

Vibe coding is certainly the main part of it. But another problem is how deep our software and hardware stacks are. There is too much information to retain to solve problems now.

Flux just got funding from Bain and others, and it feels like Adafruit was preparing a post about it. Maybe they contacted Flux to confirm some info and they freaked out?

I can't find in archive.org if they had a previous post about it.

Also, seems like there a good bunch of complains in Reddit about Flux and its billing...

https://old.reddit.com/r/PCB/comments/1t476x4/warning_fluxai...

Note that this is not related to Black Forest Labs Flux, the image synthesis models builders, and is instead related to a PCB AI authoring product called Flux.ai.

Also not related to https://fluxkeyboard.com/

Nor f.lux, the warm light software that got Sherlocked by every major OS.

https://justgetflux.com/

Nor the Flux Capacitor from Back to the Future.

Nor the famed Good Will Hunting and Argo actor and director, Ben Afflux

There's a lesson in here about how to name your product, but I can't quite flux my finger on it

> Time to shine

Nor is this Flux the display warmth app

Thanks, that name was indeed making me wonder what's going on with the BFL people. :)

Exactly, these vectors point in very different directions!

Had no idea about this. Now I do.

Thank you, lawyers. If you ever find yourself out of work use this as your reference to pivot to advertisement

Streisand in full effect!

It's super effective!

hi everyone, phil and limor here, any questions for now, email press@adafruit.com

limor and i are very much looking forward to telling our story.

It might be being suggested in that statement, but to me that reads that there's a potential opportunity there for a delayed AMA on this?

That if people were to email press@adafruit.com with a subject line (for example) of 'FLUX - AMA for later', these questions could be rounded up and the responses could then go onto a Adafruit blog page later, when and if applicable?

limor and phil here, we would 100% welcome it, looking forward to telling our story very soon - pt & limor

I'm curious, but I'm not sure if you can say - has Adafruit ever published anything about Flux?

new "altaccount2026" only posting twice, today, about this. we are very much looking forward to sharing our story, very very soon.

if you "altaccount2026 " really want a twitter archive of my photos of my kids, puppets, links to my articles, posts, and more, it may be available on some archiver.

we are very much looking forward to sharing our story.

press@adafruit.com for inquires ...

Adafruit sure has a lot of stories they are eager to tell lately.

I have, and the article does not in any way address my question. You also seem to be a brand new user, so in case you're not aware, HN guidelines say to refrain from mentioning whether or not someone has read the link.

As a long time reader I keep wondering how it is more conductive to the discourse to comment without reading than to point that the answers might be in the article someone ignored.

Just reply with a quote from the article. They will understand they did not read carefully, and you can avoid the low-value 'read the article' snark (that might be false since often it is not actually in the article when somebody does that).

My question wasn't "how to handle that better". I hope it's okay to point it out :)

I would also argue it's not "often" the case someone asking the obvious question seemingly answered in the article had actually read it. It happens, surely, but it's not a rule of thumb.

That's too meta for a thread here anyways, I think.

It's an in-actionable "question" / comment. The rule does not claim one thing is better than the other. One is easily enforceable, the other is indemonstrable. If the point of this exchange is to better understand and use HN, the reason is because it is not hard to be constructive instead of throwing out non sequiturs.

And I didn't say it's '"often" the case someone asking the obvious question seemingly answered in the article had actually read it'. I said the person pointing it out while refusing to provide receipts or cordially engage is often wrong about what they think is obviously in the article. It's worthless noise regardless.

I'd rather read "it's in the article you didn't read" than pretty much anything else.

The ideal case of course is that there are only legit questions and discussion from people who actually read what they are talking about. If they miss something that's fine as long as it's the honest exception. But this is not a thing that exists or can exist, so it doesn't count. It's not actually available to be a "What I'd like the most."

The next-most ideal case is when someone talks about something they didn't read, that no one else responds at all. The noise is the minimum possible noise from the original source and it just gets ignored. This aslo is not a real thing, and so not up for consideration.

What's left is some flavore of "noise". This is not avoidable. it will exist and the only choices are what form and flavor it takes.

I think it is most conductive for everyone, the poster, the bystanders, everyone, including people who don't like "noise", is the obvious and natural response. That it's the obvious and natural response for a reason.

Low value and snark may be true but it's irrelevant. It's still the best most productive reaction. (Within reason, 500 of the same response to one comment isn't very interesting reading, but multiple of the same agreeing response does serve a purpose which serves us all.)

That's what I mean by "I'd rather read that than almost anything else."

There are are no better options that actually exist.

new empty "altaccount2026" with only this post, hi.

please email press@adafruit.com , limor and i are looking forward to telling our story very soon - pt & limor

They have a few more if you turn showdead on. All about y’all.

Almost makes you wonder if they're the sparkfun ceo and perpetuating that asinine feud.

Looks like Flux.ai got some publicity out of this. Maybe not the kind they wanted - after reading this thread, I'll sure never give them a dime.

Struck a nerve, but I wouldn’t back down. If they do take you to court, there’s this wonderful thing called discovery.

From what I can tell, the message is

When you discover an exploit, only communicate with source (and pray they respond) or get sued. Seems like the position is customers and stakeholders shouldn't be allowed access to this information.

Seems similar to what Microsoft is doing lately:

https://www.cpomagazine.com/cyber-security/microsoft-doubles...

That's actually very common even with respected bug bounty programs. Communicating exploits to anyone else (let alone the general public) will at the very least make you ineligible for rewards.

> Adafruit’s reporting concerns a matter of public security interest and was conducted in the ordinary course of responsible disclosure

What's the context here?

It seems there's suspiciously little context available, yet here I also am commenting on a 'vaguepost'. I wonder if one day AI will be able to filter out vagueposts from my browser along with ragebait and curiosity gap headlines.

If AI does that it’ll make us 10x readers

Indeed, however:

    10 x 0.1 = 1

Bold of you to assume my reading ability is that high.

It's deliberately written that way, by lawyers who are making sure they (Adafruit) won't accidentaly admit to something they didn't.

Best I can tell they've taken down whatever it was, but most likely flux left some ways to get data out of their system that shouldn't have been and Adafruit leveraged that. Could have been in a good way like exposing false claims of architecture or security, or a bad way like revealing proprietary information on how the platform worked or looking at other peoples' projects (more than just seeing they could do that). If the blog doesn't come back up, I'll kinda assume they did something bad. I don't have sources but I've heard adafruit isn't the sweetest fruit in the tree...

I was surprised they didn't publish the text of the demand letter verbatim.

> Adafruit accessed only information that Flux’s own systems made publicly available through a server misconfiguration

Does anyone have some more context about what happened here? An uncharitable analogy might be that I misconfigured my front door by not locking it, which doesn't give someone the right to walk in and look around - but I have no idea what Adafruit is specifically being accused of doing.

That isn’t legal in most jurisdictions either. You’re not a lawyer.

It often does when your front door is otherwise a business storefront. Without knowing the specifics of what was accessed, analogies really aren't helpful. And there seems to be zero context here, so this strikes me as the most plausible scenario: https://news.ycombinator.com/item?id=48368635

(I agree that Adafruit's statement itself is worded pretty terribly!)

I wanted to love flux.ai because i love codex... and if i could automate the creation of some PCB projects with as much success as I am with codex it would have been quiet fun in the shop... so i gave them a $100~ bucks and i got like nothing in return so I decided i'd wait and see... sounds like it has not improved.

Never heard of Flux.ai before. It seems to be a 3D circuit designer with 'AI'.

Not sure what the issue between them and Adafruit is. However, people over on Reddit¹ claim that Flux.ai is a little bit scummy. They push users into a beginner trial ($5/month) and then silently charge for usage per token - up to $100 per month.

Oh, they also claim that they have "the world's largest community-driven public library of Adafruit products, including footprints, symbols, datasheets, and simulation models"². I wonder whether they designed these themselves or whether they use existing ones. Could not easily find licenses info.

¹) https://www.reddit.com/r/PCB/comments/18o5zfo/thoughts_on_fl...

²) https://www.flux.ai/sitemap/manufacturers/adafruit

I previously had a passing interest in Flux, now I'm certain it's a fraud.

Had anyone tried AutoPCB (https://autopcb.app/) instead?

Seems especially useful when paired with an agentic coding tool!

Yep, and it’s terrible

Not only did it burn a 100$ failing but it did so in a very untransparent way.

I bought a 20 dollar plan but they snuck a 100$ billed usage into the billing agreements next thing I know the agent as used the quote going in circles and my card is billed.

We need outcome based billing...

I don't want to pay for a service that doesn't deliver.

> We need outcome based billing... I don't want to pay for a service that doesn't deliver.

You can already do this: hire a consultancy to build you a working deliverable for a fixed price. They will be incentivized to prompt their tools well and to avoid tools that are consistently pathological.

I’m so sick of this that I go to the trouble to set up prepaid cards to pay for these things now.

A handful of honest participants like DeepSeek are pay as you go instead of trying to sneakily bill you for usage.

For anyone that has been missing the memo on how to become rich:

1. Make a slop machine that's a wrapper around another slop machine like claude, openai, google or whatever.

2. Hire a lawyer to send threatening emails to anyone that might call you out.

3. Get a few investors that are completely clueless to throw a ton of cash at you for having ai in your product.

4. Profit.

Honestly, get a hold of Louis Rossmann, this shit needs to stop.

Flux.ai offers a PCB design solution which is a clear interest for Adafruit. Anyone have any idea what this is about?

Why do we tolerate this bullying and misconduct from companies that harms us and progress overall? Is there really no solution in this day and age for harmful behavior and aggression and hostility like what it looks like Flux is doing here? I can't believe we don't have an answer, I think it's just that the bad guys are drowning us in noise and making it hard for us to identify the solutions where we band together a la David v Goliath against them.

Suing the industry won't win them customers/friends.

I suspect they don't care. Their only goal is likely to get enough good PR to sell to some big tech or AI company for an absurd valuation.

>The letter further asserts claims under the Computer Fraud and Abuse Act. Adafruit accessed only information that Flux’s own systems made publicly available through a server misconfiguration

A confession

They vibe coded their system and it showed Adafruit something? Or showed some information with trivial prodding? Sounds like your average cross-tenant leak. Maybe showing more than intended or some caching issue. Many options some not really not fault of Adafruit.

Or someone found server.domain/path/subdirectory/resourceX and was like "shit, I was hoping to find resourceY but I can't find a link to it, I wonder if I just click in my address bar and change the X to a Y", and voila, resourceY is right there.

To some of us, this is elementary navigation. Like going up the stairs if the elevator is out. Often it's faster than waiting for the damn elevator, too.

To others, it's cybarrrr-criiiimeeee!!!!!!11111one

People have already been imprisoned for this, one case I can think of off the top of my head is https://en.wikipedia.org/wiki/Goatse_Security#AT&T/iPad_emai....

Continental Airlines had an active frequent flyer community. A student emerged as a legendary figure (think "Hunger Games") after she noticed that Continental announcement URLs were numbered sequentially, and a not-yet-released announcement rather unfavorable to current elites was there for anyone to read. Quite the brew-ha-ha. Continental retreated.

She was nevertheless welcome at a frequent flyer event hosted by Continental in Houston, where she beat me at poker.

I don't know the details of the case, but what they worded there is a textbook unauthorized intrusion and a naïve teenager "the door was open" defense.

Mind you there can be nuances, but that quote is like saying "I took their stuff, but it was poking out of their pocket."

I think people have a heightened reaction to threats based on the CFAA for "the door was open" circumstances because that law is so widely known for being used in threats against folks who were trying to ethically report things and in overly-aggressive prosecutions.

Of course, we don't yet know the specifics of this particular case, but I'm willing to lean towards the people receiving legal letters threatening CFAA action until there's more information.

No, it's more like "the door was open" in the context of a storefront. A public website carries an implicit invitation to visit, otherwise web browsing would be illegal.

It is bit grey area. You are evaluating something. Do some basic checks. Actually end up seeing something you should not. You stop and tell them to fix it. They then silence you.

Now it is bit questionable should you check things like this during evaluation or not. Strict legal reading probably not. With reasonable customer relations you thank them and put it on top of the priority list. Unless they clearly enumerated everything they got their hands on or tried to run more real scans.