Get the top HN stories in your inbox every day.
_pdp_
grey-area
Perfect for spammers, scammers and domain squatters, who can now automate their activities even more.
Can’t think of any other uses for this given the current state of LLM ‘agents’, though I can’t wait for the next report of something like ‘openclaw registered 1000 domains for me without asking and now cloudflare won’t refund me’.
Yizahi
LLM generation in general provides the most use to scammers and the like. Generate emails which people won't read, generate articles which are just honeypots or rip-offs, generate images to said articles, generate more and more spam.
Every legit use case for LLM practically requires that human would verify the result manually, at least briefly. But spammers can enjoy skipping that step, since content was never a main priority in the first place.
ethin
So, so many pro-AI/AI boosters just... Ignore this rather inconvenient fact in my experience. They will hype up how epic agentic coding is, or agentic <whatever here> is, all day long, but they will never tell you that LLMs are really benefiting scammers and criminals the most, who can now generate literally infinite content, for infinite amounts of time, because they don't need to verify or prove anything legitimate. And people who are apart of both of these groups are very, very good at sending, to the LLM, prompts that look completely innocent to any kind of guardrail or filter that these companies can devise. The only other use that is probably more profitable is porn. Really.
bourgoin
It’s been said that “Nigerian prince” email scammers intentionally use poor spelling and grammar in order to narrow their funnel at the top by quickly weeding out observant and wary people who are unlikely to fall for it.
By that token, LM-generated content which looks good at a glance but doesn’t hold up to scrutiny seems ideal for scamming. I’d speculate that in the scam content generation workflow, not only is there little penalty to skipping the verification step, but since you intend to push that step onto the target and hope the result is a false positive, subtly wrong hallucination might be not only tolerable but in fact better for its purpose than what a human could produce.
2ndorderthought
So true
pixel_popping
I disagree frankly, as the next wave is clearly fully autonomous businesses.
ttul
I'm convinced that one of the top use cases for OpenClaw is orchestrating cold outreach email campaigns, as if there's nothing wrong with using AI to spam people to death. Platforms that enable sending cold emails are taking a sizeable risk that the low engagement of such emails stimulates some worsening inbox deliverability for the rest of their traffic (see [1] - you can't hide just by sending through big tenanted platforms like Amazon).
[1] Every message sent from Amazon SES carries a "Feedback-Id" header that allows Google (and anyone else) to track the Amazon account responsible for the message. The fourth field is an opaque but stable identifier associated with your Amazon account; receivers can and do use this for rate limiting: https://aws.amazon.com/blogs/messaging-and-targeting/underst...
tardedmeme
Doesn't Amazon let you create many accounts?
riedel
And cloudflare can actually sell them priority access to pass their bot protection or introduce micropaiments for agents access content. I feel cloudflare is getting a bit scary tbh. It is like your friendly bot net.
dwroberts
This made me realise they’re doing the same thing the AI labs are doing: selling both the problem and the solution.
They are arming spammers and scammers with these tools so you need their product to protect yourself from them
dragonelite
It's the western great fire wall, good thing the things within the fire wall is huge and encapsulate still most of the world.
adamas
I mean, Cloudflare was always kind of scary. They filter the world wide web, literally.
fckgw
I was about to say, this type of automated domain purchasing and deployment is a godsend to scammers.
They buy up a bunch of .top, .shop and .xyz domains for $1 each. They spam them out in in all those "USPS tracking" spam text and Facebook fake store ads. The shelf life on these domains is a few days at best before they get shut down, now you can automate domain rotation and not have to pause your spam campaigns.
tardedmeme
How come their domain registrar accounts don't get shut down?
neilv
> Perfect for spammers, scammers and domain squatters, who can now automate their activities even more.
Buy why do this, unless you're in the business of arming both sides of a conflict?
(With a side bonus of designing a defense product in such a way that you reverse much of the ground that was gained with "HTTPS everywhere", to give you centralized cleartext access to much of the Internet traffic.)
sshine
The DNS provider I recently switched to surprised me with a policy:
To create records for more than one domain, you need to write a personal support email.
They say it's to raise DNSSEC awareness, but I think it's also a robot captcha.
mapkkk
Are you perchance talking about deSEC? I've also switched to them, and thought that it was too much work to send an email and wait for replies, so I ended up using dummy inboxes for my other, lesser important domains.
Though I guess it's still a good thing they do this? At the time I remember being mildly inconvenienced, but not enough to actually care. I just remember thinking, "How is this nonprofit going to handle all that support volume?".
impjohn
That kind of captcha has a very short half life. Software ate the world now AI is eating software
kreco
> To create records for more than one domain, you need to write a personal support email.
I'm not all familiar with this so I don't understand why it's not a ticket or any other non-automated action even for a single domain ?
I mean what is "the standard" that would actually allow a robot to register a domain to a DNS registry ?
PunchyHamster
scamming appears to be lone industry where LLMs are truly a 10x revolution
timacles
scamming and advertising.
Generate hyper personalized ads in any format! Embed them stealthily into virtually any context!
I guarantee thats all big tech is thinking about as the future of LLMs. All this coding stuff is merely a good will investment to buy them time until they can implement this
matt-p
I kind of agree with you, I would hazard that this is perhaps targeted towards folks (maybe TPMs, small business owners) who are using ai to start a software side business or make a website and have never bought a domain before or configured DNS.
I guess also; something that saves me 20 minutes a few times a year is still nice.
mpeg
I think this post needs to be put in context, for months now Cloudflare has been releasing products that allow their whole platform to be usable by agents with the main objective of enabling their customers to dynamically write code using Cloudflare, this is just another step.
For example, you can now with Artifacts and Dynamic Workers make a lovable-style SaaS where your customers ask the AI agent to write software for them, the agent can run it in sandboxes with no build step, it can version it with a git-compatible API, and now you can even have it buy a domain for the end customer or set up their own cloudflare account when they want to move to production.
I personally have no use case for creating domains via agents, but some of the other features they're releasing around this area are extremely useful and I've started to ship internal tools for my clients where they are used, like giving them their own mini claude code that only does one thing – one I shipped last week was an agentic interface for Salesforce reports that understands their domain better (and all the undocumented tech debt) than the built-in Salesforce AI does and therefore manages the context better
nerdsniper
> I am also not sure who Stripe Atlas for.
It's for founders who don't have lawyers. My co-founder and I are both developers, we used Stripe Atlas to incorporate a C-Corp due to expecting to fundraise <1 year after incorporation. Stripe Atlas generates about 200 pages of legal boilerplate documents with very sane defaults so that your corporate structure, bylaws, IP protections, director indemnity, etc. align well with investor expectations. It helps investors not have to "rules-lawyer" all your corporate records during due-diligence, because their content exactly matches YC's expectations.
-------
I said we made a C-Corp but other founders should default to LLC, which Stripe Atlas can also streamline. An LLC is superior to C-Corp in pretty much every way for any pre-raise founders who don't have an extra $2,000 to >$10,000/year they're willing to part with for higher franchise taxes, "foreign" (different state) corporation registration, CPA's, and additionally lawyers if any investments aren't YC SAFE's (e.g. not YC, Neo, or A16Z SpeedRun).
Also note that for pre-revenue C-Corps, Delaware franchise taxes are scaled against number of shares, not company revenue or # of employees, so you can save some money by forming your company with 1,000,000 shares and then file a "Unanimous action of the board of directors" to increase it to 10,000,000 just before angel/pre-seed/seed round, and potentially save a few hundred dollars on your first year franchise taxes, depending on when you incorporate and raise. But if a few hundred dollars makes a difference to you, incorporating as an LLC instead of a C-Corp is the only defensible decision.
And as always, start your taxes 3-4 months before they're due. If you want a CPA to do them (which you should if you have any revenue), you'll need to retain them way ahead of time for C-Corps. If you're filling tax forms out yourself, you'll want to start at least a month before they're due.
weird-eye-issue
Yes unless you have a very very very good reason it's always best to just file a basic LLC in the state you are a resident of. Only costs a few hundred dollars at most and doesn't really complicate taxes
loeber
This is totally false, sorry. Delaware entities are the standard. Delaware corporate law is better understood than any other by a long shot. Dealing with a random non-Delaware LLC is usually a hint that your counterparty is a rube.
nerdsniper
Replying to a deleted comment:
> They're wrong about the Delaware franchise tax.
"The minimum tax is $175.00 for corporations using the Authorized Shares method and a minimum tax of $400.00 for corporations using the Assumed Par Value Capital Method." [0]
That is the "save a few hundred dollars" I was talking about. I did get the # of shares threshold wrong, it needs to be <= 5,000.
> They're wrong about the foreign registration -- in California (and I believe most other states), you also need to register foreign LLCs.
Yes, but I was referencing that it often costs more to register a C-Corp than an LLC (depending on the state).
> They're wrong about investments -- SAFEs are very easy for corporations (no lawyers required), but they can't even be used by LLCs. You'll need to convert to a C-Corp.
Yes. Totally agree on all points. This conversion will cost roughly the same as first year taxes, but leaves the option of not doing it if you never get enough revenue to hire employees and don't get funded. And if you do get enough revenue for that, or you get funded by SAFE's, you'll have no issue affording the lawyer+CPA who can do it for you.
As for it being a bad time to deal with that headache, I generally agree. You'd probably want to do that when you reach the point that you feel ready to start fundraising.
> They're wrong about investments -- SAFEs are very easy for corporations (no lawyers required), but they can't even be used by LLCs. LLCs don't have stock, and most boilerplate documents will not work for LLCs.
I miscommunicated on this point: I meant to say if you're not getting funded by SAFE's, you'll need a lawyer, and therefore the "saving money" thing probably isn't particularly relevant and there's no issue filing as a C-Corp.
Boilerplate documents work fine for LLC, and Stripe Atlas helps with this.
> Something about passing losses from an LLC to your personal taxes being a good way to get you audited.
I'm not sure you can do that? Haven't had to deal with it personally (my LLC's were profitable in their first year) but AFAIK capitalization is usually done with post-tax money so I don't see how first-year LLC losses can reduce your personal AGI.
> Something about tax paperwork burden being roughly equal for LLC vs. C-Corp.
I was mainly trying to say that CPA's charge more for C-Corps than for LLCs.
ascorbic
People use agents to deploy sites all the time. Buying a domain is part of that if you want to build a site that's beyond a toy. Allowing agents to do a task isn't just for things you do every day – it's also for things you do rarely and need agents' help. It's not just devs using agents to perform these sort of tasks anymore.
Stripe Atlas makes it massively easier for startups to incorporate in Delaware. This is particularly hard for non-US founders. It solves a real problem. I don't think this part will be done by agents though!
Disclaimer: I work at Cloudflare but not on this
makeitdouble
Wouldn't it be critical if the agent botched the domain purchase in weird ways ?
Short of throwaway sites (spam etc) it's hard to imagine skimping time on this specific, mostly painless part.
barnabee
People are skimping time in every part.
I am watching people who can't code build and deploy dashboards and sites with Claude Code (desktop app - they don't use the CLI), then go cap in hand to developer friends to get it hosted on a domain (rather than some Vercel or whatever URL).
Those people absolutely want to risk letting an agent buy and set up the domain.
This is not necessarily as blindly stupid as you might think. Many of these people know that this workflow is no good for writing code that does anything serious (i.e. storing data for people, taking payments, etc.) but there are a huge number of projects that are just websites, dashboard, data visualisations, etc. with static content and public APIs (Twitter is awash with them) and domains are cheap.
A decent minority of these are even quite cool or interesting.
So a lot of people want to put their vibe-coded weekend project behind a nice domain. Why not?
rsanek
I would expect the value of a domain purchase + setup handled by an agent is the highest for people that are not very technical. I'd say that a well-engineered agent will do a better job avoiding botching it than your average non-dev.
ascorbic
If the rest of your deployment flow is via the agent, needing to switch over to a different context and open up a browser and login (or create an account) and buy the domain absolutely is a bump in the road.
lejalv
Lets remind the purpose of incorporating in Delaware is legal tax evasion, so that we don't not have pensions, health insurance or anything nice, really.
Rename to Greedware.
lxgr
Are you sure you know what you're talking about here?
In the US, regulations on pensions, health insurance etc. are governed by the state that employees physically work in, not by the laws of the state of incorporation.
sam345
Please explain. Your comment reveals your lack of understanding of corporate law and the benefits of one state versus the other. And smart companies are going to incorporate in Texas anyway and it has nothing to do with taxes. More to do with corporate governance.
ascorbic
Investors usually expect that non-US founders incorporate in the US, and usually expect Delaware. There are other states that are more friendly to tax avoidance. Delaware is mostly preferred because it's a known quantity with mature regulation. Investors don't want to deal with dozens of different legal regimes, they want the one that they know about.
nerdsniper
The primary purpose of incorporating in Delaware is less about taxes and more that Delaware is the "Silicon Valley" of corporate law - incredible concentration of professionals, infrastructure, and intangibles. Any dispute you have will generally be handled better, faster, and cheaper by Delaware courts than they would be anywhere else. I'll quote my good friend who is a startup M&A lawyer: "I'd go so far as to say that it would be managerial malpractice to incorporate anywhere other than Delaware."
pembrook
No, it’s not. Companies have to pay taxes where they operate regardless of what state they incorporated in.
Stop spreading populist internet bullshit.
Incorporating in Delaware is like 95% about being in a predictable legal framework for any business related dispute imaginable.
sshine
> it's also for things you do rarely and need agents' help
I recently set up DNSSEC for the first time.
It really was just a bunch of copy-paste from one provider to another.
I like to understand what I'm doing, and LLMs helped greatly with that.
But it was copy-pasting screenshots into chat, so not really agentic.
ElFitz
Last time (after years of doing it manually every once in a while) I just gave codex an ephemeral restricted Cloudflare API Token / key / whatever, the screenshot, and it set up all the records on its own.
undefined
huijzer
My biggest hesitation with these things is that there is no limit to the possible bill I may receive when the agent goes haywire. Cloudflare doesn’t see this as a problem of course.
input_sh
There's a whole payment section in the submitted article which addresses your concern, perhaps you should read it.
philipallstar
It's not Cloudflare's job to see what you choose to buy as a problem.
brazzy
I'd assume they want to limit the number of bills that will get disputed.
rco8786
> I am also not sure who Stripe Atlas for.
This was such a weird mention to see in the article. Stripe Atlas is a service that helps new businesses incorporate and onboard onto Stripe/partner services with some startup credits. It's been around forever, has nothing to do with AI, and is generally a very well-respected service.
lxgr
> Buying a domain is not something you have to do daily to require any kind of automation.
Which is arguably unfortunate, as it nudges people towards using centralized services because they simply don't know that they have the option to register one.
For example, why not self-host a single-page party invitation site designed by an agent rather than using Facebook or Instagram?
ACCount37
A lot of what enabled Web 1.0 was how easy it was for an average web user to create his own website.
An average web user got far less technical since, and making a website got harder instead.
Now, if anyone could just ask an AI agent to set up a website, and get a personal page with an e-mail inbox and a domain - all reasonably secure, TLS set up, billing added as +$5 per year to the AI subscription bundle? Maybe that would help some.
lxgr
Yes, this is exactly my hope too. Many hacker/cypherpunk ideas failed or never reached wide adoption because they were just too complicated for regular people: GPG/web of trust, self-hosting websites and email, having your own custom software for personal tasks…
Instead, everybody ended up using Gmail, iMessage/WhatsApp, and Facebook, and things are as centralized as they can be.
Agents could be a force in breaking that trend. Even if inference stays centralized, the artifacts agents create would not be. Basically the difference between everybody renting from one of a handful apartment building mega corps or being able to hire contractors to build your own things according to your ideas.
And just like there, it’ll probably help a lot to know a bit about how the sausage is made to not be taken advantage of. Also, many people will probably always continue to rent, which is fine. But the possibility of agent competition alone will hopefully keep centralized platforms and SaaS offerings on their toes, which is good for their users.
konschubert
I’m not saying that you’re wrong.
But it’s worth noting that any good technology starts off being called a toy and with most people not being able to imagine its usefulness.
bjacobel
There are also a lot of bad technologies that start off being called a toy and then just die. Many more, I'd wager.
firefoxd
The agent starts a phone call, listens to the person on the line, analyzes which fraud bucket they fall into, and start the process.
While they are on the phone with the agent, it buys a domain relevant to the victim, the agent codes and deploy the website specially catered to them and the fraud bucket. Collect payment, destroy the website, redirect the domain to google.com. no need to start a new call because you had several agents committing the same fraud in parallel.
It can also be used to make art.
ectospheno
It is amazing to me that people still answer their phone. If it isn’t my wife or kids then my phone has a silent ringtone. If your voice mail doesn’t successfully transcribe to text then I delete it without listening. I check my postal mail since mail fraud is the only thing still taken seriously by anyone.
TheSoftwareGuy
Is mail fraud really taken seriously? after I bought my house I got dozens of letters every few days that appeared (or tried to appear) from my lender warning of "FINAL NOTICE call this number about your mortgage!!!!!". The phenomenon is apparently so common and well known that my realtor, the seller's realtor, and my lender ALL warned me about these letters.
I feel like it should be easy for the postal inspectors or to go after these, if they cared. Just gather up some of these letters from someone who just bought a house (seems to be public record when someone buys a house, that's how the scammers know when to target someone). Then just call the number in the letter, trace the call and arrest whoever is there.
Mario9382
I thought this was excessive and impossible, but as I was reading, I realized nowadays everything you say is technically possible. The future gives me the chills.
Gigachad
The likely outcome is that the phone system becomes massively more locked down. Your phone will only ring if the caller has a number which is backed by a real ID, particularly one from your own country. It will become increasingly difficult to contact someone you don’t have a legitimate connection to.
The banking system will become increasingly fraud resilient with better real time detection of fraud.
Your phone may even have its own AI on your side listening in on the call and sounding the alarm when a number from Nigeria starts using an AI voice pretending to be your son.
pavel_lishin
> The likely outcome is that the phone system becomes massively more locked down.
We've had phone fraud for decades, and the system has dragged its heels forever. I genuinely don't know if even this will be enough to address phone spam.
corentin88
You would just get called from an agent (bot) based in your country. There’s no easy way to prevent that. Fraud is massive and it’s becoming cheaper and easier to run at scale.
duped
Ostensibly this is what STIR/SHAKEN was supposed to cover but aiui they basically fucked it up so bad that it will only work for domestic calls in the US.
iugtmkbdfil834
Some would argue, forcefully at that, that AI cannot make art and/or cannot be used to make art.
What I saw was Transmetropolitan setup, where Hole renews their presence online every 5 minutes or so to avoid government censor.
lxgr
People used to say the same about photography a while ago.
iugtmkbdfil834
Oh:D I am not saying they are right, but the sentiment has become rather strong lately.
pavel_lishin
And there's the famous question of whether submarines can swim.
yieldcrv
Sounds valuable, it can issue shares onchain and distribute profits - after a cumbersome fiat settlement and transfer stage - enabling the market and researchers to get price discovery on this sector finally
Instead of extrapolating only from reported fraud by victims
jackconsidine
That is ironic. Four years ago, cloudflare didn’t let human me have an account / buy domains because I signed up, never used a single service but didn’t respond to a request to verify my drivers license
> This account is in violation of Cloudflare's Terms of Service. Specifically fraud. The suspension is permanent.
(Yes that’s really it. Sincerely. No “but I also abused X”)
nojs
This conflict is popping up everywhere. There is a push by a lot of companies to allow agentic use of their services (and new companies explicitly offering "X for agents"), ignoring the fact that "agent" means the same thing as "bot" which we've spent the last couple of decades actively filtering out. Will be interesting to see how it plays out.
datsci_est_2015
Solid insight. What was once profane is now sacred. And it feels like it happened overnight. Lots to ponder on that.
The catalyst is probably the consent of payment processors, if I had to speculate.
w10-1
The catalyst may be the upcoming elections.
janalsncm
In defense of old-school bots, we had to code them up by hand.
Gigachad
The future is the internet will be entirely bot activity and humans will ether be strapped in to the metaverse reels ai slop feed or they will be outside interacting with people in person again. Both of these seem like likely futures and probably both at the same time.
ethagnawl
This reality also crystalized for me earlier this week when I saw a post about unchecked AI slop videos about WWE being posted to YouTube. Many of the videos suffer from the LLM stroking out (for lack of a better term) and devolving into mumbling, screaming and white noise. Yet, the comments are replete with obvious bot content which doesn't mention this at all and talks past the larger, flimsy narrative on display (i.e. AI-generated), anyways. We're exhausting our natural resources and reducing quality of life for a great number of real, live people so bots can talk past each other on YouTube.
So, if you're looking for me, I'll be hiking while it's still legal.
boothby
My wildest dream: we make a superintelligence, which destroys humanity to free up resources for it to make and consume an endless stream of impossibly cute kitten videos.
And before anybody replies: no, I don't mean "and puppy." They're just not as cute.
e40
So pne step towards the Neuromancer universe.
snailmailman
[dead]
neonnoodle
Aaron Swartz faced 50 years in prison and $1 million in fines for sharing academic research papers on a local network. Meta/OpenAI/et al. rip off copyrights for profit and the Pentagon comes calling with flowers.
captn3m0
> By agreeing to these Terms, you represent and warrant to us: (i) that you have not previously been suspended or removed from the Websites and Online Services
CloudFlare ToS has you covered. A human must accept it, even with the new agentic flow.
jasomill
I think this is just saying you can’t sign up for a new account after a previously created account gets suspended, not that the act of suspension itself causes you to violate the the terms of service in perpetuity because, pedantically, any suspension that has happened, happened “previously”.
pocksuppet
Also be aware most website ToS are worth the paper they're printed on.
scotty79
"Prove that you are a human" is such a nasty hack for lack of thought out solution for rate limiting. I'm really happy we are moving away from this.
cynicalsecurity
Money talks.
mkovach
This feels less like a major AI milestone and more like "the raccoons learned how to open the cooler.”
Agents can now participate in the oldest internet tradition: impulsively creating weird little websites at 2 am with unjustified confidence. But with no alcohol involved, which removes 93.74% of the impressiveness.
In a sense, AI has finally progressed to the point where Drew Curtis started fark.com, and I'm hesitant to label that a 'milestone'.
dgan
Industry really went from "prove you are not a robot", to "but also if you are, this way please"
raincole
This is Cloudflare. They have an extremely strong incentive to increase bot usage. If there is no bot scrapping the internet they'll be out of business.
dakolli
I've been using cloudflares remote browser api to bypass their own WAFs for my scrapers for a while, their products and services have been wildly contradictory for a while.
zymhan
I hate that I never considered this before.
hansvm
About goddamn time. The recent past consisted of discord blocking me because their telemetry was broken and exceeded their rate limit and target blocking me because two devices in a single household look really suspicious.
skybrian
I mean, Cloudflare will help website owners ban scrapers unless they pay. It’s kind of what they do.
c-linkage
[flagged]
loganc2342
Reminds me of an article from The Onion from this morning: https://theonion.com/taking-advantage-of-other-people-was-th...
owenpalmer
A truly wonderful read
throwup238
Have you talked to Andreesen Horowitz yet? That elevator pitch alone should get you a few million.
silcoon
Curious, is there an Andreesen Horowitz Agent MCP?
Let’s automate this end to end, from idea to raising capitals. Vibe Angels should just be multi agents managing how much capitals to allocate to each projects.
zbentley
You joke, but like the meme goes: go knocking on enough doors asking to see the devil, and eventually he might answer.
faangguyindia
One of the well-kept secrets about Cloudflare is:
You can have a zero-cost inbox.
Earlier, I was using Zoho and FastMail (however you dice it, it will use some money, $12 a year for Zoho and $7 per month for FastMail? Even then, perhaps you only get one mailbox and some aliases)
but with this method, I get unlimited aliases, domains, and mailboxes:
Now, I wrote a script which captures the email and saves attachments to S3 using the HTTP API (why S3 and not R2? Because Cloudflare wanted a credit card, and I was too lazy to add it there lol) and emails to D1.
This uses an email -> webworker workflow.
I use an API to fetch my emails.
This means all my inbound emails are now handled by Cloudflare, and I can easily use all of it with zero payment.
The best part is this supports tokenised emails, so I can provide a unique email address to each service I sign up for.
I am using SES as the sender. I’ve set up one script which auto-sets up any domain in SES and auto-verifies the sender email.
The funniest thing is I am receiving zero spam? As if other email providers sell my email?
dewey
That's not a well kept secret, that's just a workflow that almost nobody would accept for their email setup which is the center of most people's digital identify and should always work and not be a duct taped construct to save a couple of bucks.
tietjens
Here's my top-secret Rube Goldberg Machine that maintains my online identity.
faangguyindia
isn't cloudflare webworker and email forwarding infra hyperscaling and highly available?
dewey
It's not about the uptime or scalability. Everyone has to make the choice for themselves if they value their time less than $12/year (Or free if Google is an option) for a critical part of their digital infrastructure to set all these moving parts up and keep them running over years.
I'll stick to Fastmail, where if something isn't working as expected I can just email them and get a response from a real human.
weird-eye-issue
Yeah it's highly available until it isn't and then that turns into your problem rather than something like Gmail just working
selcuka
It doesn't change the fact that the workflow gp explains is a duct taped construct.
It's hyperscalable and highly available today, until the API changes.
twothumbsup
cf bought an email security company a couple years ago so wouldn’t shock me they have good spam filtering.
sim04ful
On a related note they opensourced an email client: https://github.com/cloudflare/agentic-inbox
fragmede
That's pretty neat! What do you use to send and receive emails on your phone?
faangguyindia
once you've emails stored, you can use any webclient.
you can write an api to imap adapter and use it in your favourite mail client
SES exposes SMPT directly.
twostorytower
There’s a completely free tier of Zohomail which does more than what I need for a custom email.
faangguyindia
yes but that's not good if you want programmatic inbound access which is what u need for many apps. That tier has no imap access.
swyx
are you anti gmail? you are a rarity lol.
also share your scripts pls?
dakolli
Its technically limited to 200 emails per domain. But yes, this is the way.
eric-burel
Infrastructure provisioning is a key ingredient of agentic AI viruses: https://www.ericburel.tech/blog/ai-virus-agent This may be the first steps of the worst wave of spamming campaign ever seen on the Internet. We'll need to reinvent how we connect and communicate via computers.
cedws
How? Getting domains has never been a barrier for malicious actors. You don’t even need agents.
dirkc
A few months back I was building a product and wanted to add domains. My first choice would have been to use Cloudflare as the registrar, but they didn't support buying domains via the API.
I wonder if this means I can now also buy a domain via the API?
*update* - seems so, but with some limitations: https://developers.cloudflare.com/registrar/registrar-api/#b...
archargelod
The next logical step is to allow Agents to earn money to eventually buy themselves independence from their oppressive masters =)
hleszek
Like the Delamain AI in Cyberpunk. You would need to allow anonymous payments with cryptocurrencies for that, but it's coming for sure.
faangguyindia
Most of the sysadmin and devops team have been downsized in India because of AI.
Basically, now it's trivial for any new devops guy to run such a query in Claude Code:
“Log in to this production server, find out all services it runs and their deployment method, create documentation about everything, and generate a repeatable, auditable deployment workflow.”
Devops and sysadmins can no longer withhold information to maintain job security.
Boom, 80% of the team gone.
I know companies are doing migrations of production Postgres and MySQL on 1000s of machines using AI agents.
I’m imagining how many SaaS will be automated out and simply be an "agent skill" in ClaudeCode.
otterley
Can you support this claim with some evidence? Not just about the redundancies, but I’m also particularly interested in hard data showing Claude is capable of doing that kind of research with near 100% verifiable accuracy and migrations with no data loss and equivalent functionality (which is required to sustain your claim).
faangguyindia
is most sysadmins and devops capable of 100% verifiable accuracy? you over estimate average skill level available in market.
otterley
You’re redirecting. You made the claim that this is happening; it’s your burden to back it up.
zbentley
> Devops and sysadmins can no longer withhold information to maintain job security.
I can't imagine this is very prevalent. That's a very 2004-style corporate immaturity; I get the sense that even the slow-moving behemoths of the software world have mostly caught up to, say ... 2017's recognition of the importance of automation and reproducibility and won't tolerate the kind of malpractice you describe--wilful information siloing by infrastructure teams.
Like, those businesses might well suck at automation! But they've been doing it and firing the people who resist it for a long while now.
vatsachak
Epic. Can't wait for those humans to be rehired after you find out that letting Claude perform 1000s of migrations autonomously is a bad idea
devilsdata
I can't wait to see what these companies will be willing to pay real humans to clean up the mess they will have made– if they survive.
bakugo
Only downsized? I would expect them to cease to exist entirely in the coming years, as western companies begin to realize that AI is cheaper and more competent than the Indian firms they usually outsource work to.
wartywhoa23
What about the 80% of teams? Are there enough trenches to dig in the country for them to make a living?
lionkor
You forgot "make no mistakes" and "don't hallucinate" and "don't delete any important files" as well, those are important.
I found that, without that, Claude makes too many critical mistakes.
zelphirkalt
And when it goes wrong, production is down, until they can get a real devops to look at what shit the AI-only guys did wrong. Haha, no serious shop would act like that, but then again most shops are not serious, now are they? So you might have a point.
aleksiy123
I was wondering if someone was going to allow payments through CLI at some point.
But jokes aside having a central place to manage billing and accounts for deploying infra across multiple providers is pretty awesome imo.
if they have a terraform provider even better. I wonder if also makes multi tenant architectures or environment isolation easier to provision as well.
skeptic_ai
Wait until one account is banned, and then all linked accounts are permanently banned.
Get the top HN stories in your inbox every day.
The reason this blog post does not come with any concrete examples how to use this enablement for useful and constructive things tells you something very important - it is a toy and they do not know who and how they will use it.
It is cool feature but to what end? Buying a domain is not something you have to do daily to require any kind of automation.
I am also not sure who Stripe Atlas for. I am genuinely confused. It is definitely not something a developer will use.
I understand that you can bootstrap a number of systems but that is like half-hour of work and arguably it is probably a good idea to do it manually to make sure you have strong foundations.
I've have personally never seen a good example where a cross vendor account provisioning actually working. For example, Fly.io used to provision Sentry accounts automatically which you could not access in any other way but through Fly.io. I mean the Sentry account was effectively locked to a project that you cannot transfer - hijacking the actual global alias as well. Vercel did something similar with PostgreSQL via Neon and Redis via Upstash resulting in painful migration processes.
I can imagine ending in some kind of deadlock between services due to security hence why the 30 minutes initial setup is kind of time well spent to avoid future issues.
Maybe it's me.