NHacker Next
- new
- past
- show
- ask
- show
- jobs
- submit
login
Rendered at 13:59:13 GMT+0000 (Coordinated Universal Time) with Vercel.
While they are on the phone with the agent, it buys a domain relevant to the victim, the agent codes and deploy the website specially catered to them and the fraud bucket. Collect payment, destroy the website, redirect the domain to google.com. no need to start a new call because you had several agents committing the same fraud in parallel.
It can also be used to make art.
I feel like it should be easy for the postal inspectors or to go after these, if they cared. Just gather up some of these letters from someone who just bought a house (seems to be public record when someone buys a house, that's how the scammers know when to target someone). Then just call the number in the letter, trace the call and arrest whoever is there.
The banking system will become increasingly fraud resilient with better real time detection of fraud.
Your phone may even have its own AI on your side listening in on the call and sounding the alarm when a number from Nigeria starts using an AI voice pretending to be your son.
We've had phone fraud for decades, and the system has dragged its heels forever. I genuinely don't know if even this will be enough to address phone spam.
As a result, it's very difficult for me to use a lot of Chinese websites and it's a pretty sizable barrier to hardware development when Chinese citizens can just download the relevant datasheet off some Chinese forum in 5 minutes, but I have to sign NDA's with western companies or figure out how to WeChat a Chinese OEM to send me their datasheets.
Phone numbers in Australia are also all tied to ID. If there is a will to fix the system, it can be done.
What I saw was Transmetropolitan setup, where Hole renews their presence online every 5 minutes or so to avoid government censor.
Instead of extrapolating only from reported fraud by victims
> This account is in violation of Cloudflare's Terms of Service. Specifically fraud. The suspension is permanent.
(Yes that’s really it. Sincerely. No “but I also abused X”)
The catalyst is probably the consent of payment processors, if I had to speculate.
So, if you're looking for me, I'll be hiking while it's still legal.
And before anybody replies: no, I don't mean "and puppy." They're just not as cute.
CloudFlare ToS has you covered. A human must accept it, even with the new agentic flow.
Agents can now participate in the oldest internet tradition: impulsively creating weird little websites at 2 am with unjustified confidence. But with no alcohol involved, which removes 93.74% of the impressiveness.
In a sense, AI has finally progressed to the point where Drew Curtis started fark.com, and I'm hesitant to label that a 'milestone'.
Let’s automate this end to end, from idea to raising capitals. Vibe Angels should just be multi agents managing how much capitals to allocate to each projects.
You can have a zero-cost inbox.
Earlier, I was using Zoho and FastMail (however you dice it, it will use some money, $12 a year for Zoho and $7 per month for FastMail? Even then, perhaps you only get one mailbox and some aliases)
but with this method, I get unlimited aliases, domains, and mailboxes:
Now, I wrote a script which captures the email and saves attachments to S3 using the HTTP API (why S3 and not R2? Because Cloudflare wanted a credit card, and I was too lazy to add it there lol) and emails to D1.
This uses an email -> webworker workflow.
I use an API to fetch my emails.
This means all my inbound emails are now handled by Cloudflare, and I can easily use all of it with zero payment.
The best part is this supports tokenised emails, so I can provide a unique email address to each service I sign up for.
I am using SES as the sender. I’ve set up one script which auto-sets up any domain in SES and auto-verifies the sender email.
The funniest thing is I am receiving zero spam? As if other email providers sell my email?
I'll stick to Fastmail, where if something isn't working as expected I can just email them and get a response from a real human.
It's hyperscalable and highly available today, until the API changes.
you can write an api to imap adapter and use it in your favourite mail client
SES exposes SMPT directly.
also share your scripts pls?
I wonder if this means I can now also buy a domain via the API?
*update* - seems so, but with some limitations: https://developers.cloudflare.com/registrar/registrar-api/#b...
Basically, now it's trivial for any new devops guy to run such a query in Claude Code:
“Log in to this production server, find out all services it runs and their deployment method, create documentation about everything, and generate a repeatable, auditable deployment workflow.”
Devops and sysadmins can no longer withhold information to maintain job security.
Boom, 80% of the team gone.
I know companies are doing migrations of production Postgres and MySQL on 1000s of machines using AI agents.
I’m imagining how many SaaS will be automated out and simply be an "agent skill" in ClaudeCode.
I can't imagine this is very prevalent. That's a very 2004-style corporate immaturity; I get the sense that even the slow-moving behemoths of the software world have mostly caught up to, say ... 2017's recognition of the importance of automation and reproducibility and won't tolerate the kind of malpractice you describe--wilful information siloing by infrastructure teams.
Like, those businesses might well suck at automation! But they've been doing it and firing the people who resist it for a long while now.
I found that, without that, Claude makes too many critical mistakes.
But jokes aside having a central place to manage billing and accounts for deploying infra across multiple providers is pretty awesome imo.
if they have a terraform provider even better. I wonder if also makes multi tenant architectures or environment isolation easier to provision as well.
Soft scammers, fraudsters and defamers are celebrating in copying websites for malicious intent.
For sure this is going to get abused.
I don't get the spammer thing? You'll still need to verify your identity, as the whole thing uses stripe? So I don't get all the hate...
I prefer to delegate as much as possible to AI services once I have a mature process that is easy to validate. Buying a domain name feels pretty mature to me etc, so I don't get where all the hate is coming from?
(Maybe I'm way to deep in the whole AI/Jack Dorsey/Block model?)
Maybe they should fix the regular flow before automating it with agents?
It’s a straightforward technical problem to wrap an API or MCP or something around the “create an account” function.
But what will a court do when the agent creates a million accounts, mines bitcoin for a month, and then cannot or will not pay?
It's already not clear what it means for humans to do it, but it doesn't prevent every single service from asking it. At least an AI has a chance to ingest it all.
Solving humanity's issues, one more issue at a time
Also, when an agent sets up a domain, who is the domain owner? Who responds to takedown requests? What if it then decides to host illegal content at the domain (generated or otherwise). Who is responsible? Agents aren't (yet) legal persons, so it must be the person who owns the agent, but if that person never even sees the legal agreement being agreed to how would it hold up in court? If the person didn't direct the creation or hosting of illegal content, what then?
And it's not like pro agent companies have a reason to self regulate. They're not going to absorb that liability voluntarily, they'll push it onto users contractually (most of them already do). This is just another channel to bring in customers. They will capitalize ruthlessly to increase their bottom line.
Good thing the fraud is committed in places that specifically don't prosecute fraud when it's targeted against Western countries.
Curious if Cloudflare's flow has any built-in "did this actually work" verification, or if it's all "tool returned, move on.
Edit: composer 2 found a way to fix the initialization by setting an environment variable and it worked after doing that, but the docs didn't say to set the variable and Rami didn't know I should do that, so it is a bug
Note: I am a CloudFlare customer, but on a very low plan and probably have no use for this.
This involves copy-pasting DNSSEC properties from one web interface into another.
Pretty much everything but this step has been automated in my website creation process: Picking a git template for my site, creating the git repository remotely on my self-hosted Forgejo, setting up the webserver and the DNS using external-dns. Only the domain creation and initial pointing of NS and DNSSEC records is something I sit and do.
I'm not willing to switch to Cloudflare for this feature.
But it reminds me there's more to automate.
I’m not trying to shamelessly promote here but since you asked one of them is at jobwiz.biz
beta.jobwiz.biz
The agent does everything. “Make a website that does…“ and it can handle everything from start to finish. It’s that good now.
I suppose it's possible that someone's just running a charity Wordpress-like operation for their friends who all want websites.
In the middle of the interview there was a bug where our sessions no longer synced. So that’s a downside. But before that the interview was perfect.
[] Joke, there are no certifications.
The more chaos on the Internet, the more Cloudflare earns. It is a horrible company.
They are still losing money unlike Akamai, so there is hope they go bankrupt.
Cursor and Claude Code are also agents, and making it easier to run these operations from those interfaces assuming some margin of error is ok is a genuinely useful feature.
AI agent calls a human on their phone (even engage in an email chain), whilst talking to the human they analyse the likelyhood of diffferent fraud vectors, and choose the most likely one to work on this particular victim. Whilst keeping the human talking in chit chat to raise their confidence levels, in the background it buys a domain which fits the users fraud profile, and quickly makes a basic website on it. Maybe its a fake login page, maybe it just hosts malware, who knows at this point. The agent then emails the user from a mailbox on the new domain which directs the user to the new domain and commits the fraud. The email from the domain ties up with what the agent is saying on the phone, so it all looks legit to the human. Immediately after the call it deletes the website, directs the new domains dns to blackhole and discards it from its posession.
This is all possible right now. I am also interested to see what is built with this technology in the future, but interested in a very worried way.
In theory, this is a cool idea, but in practice I think this being done through a proprietary, locked-in Stripe product, is going to ultimately hinder adoption.
The security implications here are also concerning - from what I can tell - Stripe seems to have access to all of the keys/credentials for third party accounts/resources provisioned via Stripe Projects.
So stripe has centralized control over payments, KYC, credentials/keys (full lifecycle, not just storage), the provider marketplace, and even over the availability/reliability of anything built with on top of Stripe Projects (since now your credential/key lifecycle has Stripe on the hot path).
This is like a more janky/less reliable loveable, without the handrails, and with a mere illusion of less lock-in.
Imo, this kind of thing will only work long-term as an open protocol without Stripe lock-in, and I know certain people/companies are already working in this direction.
Sorry if this is a naive question.
This looks interesting nonetheless.
Why didn't Amazon think of that?
Their name doesn't appear in the first 6 pages (~175 TLDs) of this list https://tldes.com/cheapest-domains
On renewals they appear much more competitive though.
Now they can make websites full of info to back up their misinformation.
Which will feed future generations of AI.
Finally we are back to "You can't believe everything you read online".
Bruh.
What are the practical, legitimate use cases for buying domains at scale? I really can't think of a single one. I can however think of quite a few nefarious ones.
Disclaimer: I work at Cloudflare, but not on these
good luck
"POST /some/api"
to?
For example, in 2024 JPMorgan received a $77m subsidy to build a datacenter that created only one permanent job.
https://nysfocus.com/2026/04/20/data-center-tax-break-jpmorg...
It is cool feature but to what end? Buying a domain is not something you have to do daily to require any kind of automation.
I am also not sure who Stripe Atlas for. I am genuinely confused. It is definitely not something a developer will use.
I understand that you can bootstrap a number of systems but that is like half-hour of work and arguably it is probably a good idea to do it manually to make sure you have strong foundations.
I've have personally never seen a good example where a cross vendor account provisioning actually working. For example, Fly.io used to provision Sentry accounts automatically which you could not access in any other way but through Fly.io. I mean the Sentry account was effectively locked to a project that you cannot transfer - hijacking the actual global alias as well. Vercel did something similar with PostgreSQL via Neon and Redis via Upstash resulting in painful migration processes.
I can imagine ending in some kind of deadlock between services due to security hence why the 30 minutes initial setup is kind of time well spent to avoid future issues.
Maybe it's me.
Can’t think of any other uses for this given the current state of LLM ‘agents’, though I can’t wait for the next report of something like ‘openclaw registered 1000 domains for me without asking and now cloudflare won’t refund me’.
Every legit use case for LLM practically requires that human would verify the result manually, at least briefly. But spammers can enjoy skipping that step, since content was never a main priority in the first place.
By that token, LM-generated content which looks good at a glance but doesn’t hold up to scrutiny seems ideal for scamming. I’d speculate that in the scam content generation workflow, not only is there little penalty to skipping the verification step, but since you intend to push that step onto the target and hope the result is a false positive, subtly wrong hallucination might be not only tolerable but in fact better for its purpose than what a human could produce.
Spamcorp services are the future. Don't resist it, that would be futile.
I'm curious about things of this nature, where it seems like a case of "this information is important to me and I want accurate results".
But then the talk of automation seems to exclude careful human review of those results, which is needed to stop hallucinations from making their way to customers.
If this can be fully automated then you can just ask your own agent to do this and wouldn't need a business for it. And agents can already fill out web forms just fine.
No kidding.
> One fully automated business I think could exist and might be useful is apartment/condo rental.
We're starting strong on the category of businesses that generate no actual value and just scrape an amount of value out of existing transactions that would've happened anyway, i.e., rent-seeking. But good for you, you can now artificially shrink the supply of limited-availability goods in the market, then gate access to them behind a paywall, and you don't even have to do the minimal amount of actual work required to fleece strangers for part of their paycheck while creating no value.
Rent-seeking is a very specific economic term where a party inserts themselves into a transaction and takes a cut without providing anything: https://en.wikipedia.org/wiki/Rent-seeking
Being a landlord comes with significant responsibilities and even principal investment risk.
The market for real estate is basically the market for taxi medallions. It costs something to run a taxi, but there are a limited number of medallions and you can charge well over that cost because you have a medallion, which also makes the medallions very expensive. Until Uber comes along. But you can't just make an illegal apartment without land the same way you can make an illegal taxi without a medallion.
Also your rent comes with significant rights beyond a chunk of land.
It’s not rent-seeking at all. Leasing out a rivalrous asset does not land in that category in the slightest.
> Rent-seeking is a very specific economic term where a party inserts themselves into a transaction and takes a cut without providing anything: https://en.wikipedia.org/wiki/Rent-seeking
> Being a landlord comes with significant responsibilities and even principal investment risk.
Economist here. Yes, this was a correct use of the term "rent-seeking behavior". It's actually quite funny to see someone try to argue otherwise, when the name was chosen because this is, literally, the textbook example.
Everything functioned fine without the gate and nothing was improved by the gate.
An apartment LEASE is literally nothing like that. You’re borrowing something you don’t have and it’s a rivalrous good so other people can’t use it while you are.
Renting (leasing) a car, an apartment, or any other good like that is not rent seeking behavior. No actual economist would argue that because it dilutes the term to something completely meaningless.
I’ll sit out your little experiment because I’m not in the mood for this kind of response. But you may discover that if you turn down the venom a little, qualified people could teach you things like automated business models that are quite ethical and even the definition of rent seeking.
Have a nice day.
It's not a value judgement, it's literally rent-seeking behavior. You're seeking, to rent, property that you own, presumably for a profit. Like come on, it's what the word means.
> You also don’t seem to be aware of the definition of rent seeking but that’s an entirely different topic.
Both my command of the English language and the economist elsewhere in this thread disagree with you, but go off I guess.
> qualified people could teach you things like automated business models that are quite ethical and even the definition of rent seeking.
And yet instead of citing one you went off a tone-policing rant.
My question was quite open-ended. I genuinely didn't expect someone to come in and list the textbook example that an actual economist went on to point out was crap for the exact reason I said, truly. But that's the kind of poetic unawareness that one really can't plan for.
> Have a nice day.
I did, thanks!
That didn't play out quite how the cheerleaders expected (though the value of Bitcoin at least is still high, NFTs and all the actual use-cases for Bitcoin fell through).
I suspect we'll see something similar for LLMs, frankly they're nowhere near good enough for unsupervised use, and if you think they are, good luck to you in building a business on them.
Considering the disaster of that AI-powered store in San Francisco, I'm skeptical that this could happen in the next wave. Or even the next ocean.
(WSJ article from a few weeks ago stated that the "AI" can't stop ordering candles, and manages the staff so poorly that sometimes there are no employees scheduled for some shifts.)
[1] Every message sent from Amazon SES carries a "Feedback-Id" header that allows Google (and anyone else) to track the Amazon account responsible for the message. The fourth field is an opaque but stable identifier associated with your Amazon account; receivers can and do use this for rate limiting: https://aws.amazon.com/blogs/messaging-and-targeting/underst...
They are arming spammers and scammers with these tools so you need their product to protect yourself from them
like wmd's in iraq and hormuz problem now, lmao. remember how hormuz was not a problem and it was wideoy peaceful and open months ago? lol
To me this feels irresponsible and like it's main goal is to forward autonomous cyber attacks. Which is antithetical to what they do? Maybe I am missing the legitimate use case here, but I can only see this being used for removing responsibility from crime or espionage?
Does anyone know offhand if cloudflare is a department of war contractor? I never looked into it. But this smells funny to me
Somehow the Internet needs biometrics and age verification everywhere but also chat bots can buy property there without too much thought.
They buy up a bunch of .top, .shop and .xyz domains for $1 each. They spam them out in in all those "USPS tracking" spam text and Facebook fake store ads. The shelf life on these domains is a few days at best before they get shut down, now you can automate domain rotation and not have to pause your spam campaigns.
To create records for more than one domain, you need to write a personal support email.
They say it's to raise DNSSEC awareness, but I think it's also a robot captcha.
Though I guess it's still a good thing they do this? At the time I remember being mildly inconvenienced, but not enough to actually care. I just remember thinking, "How is this nonprofit going to handle all that support volume?".
They replied somewhat quickly (for humans).
I had accumulated enough hope for them to wait the 25 hours it took them.
And yes, I wouldn't go this way either.
I've used Desec for several years now, and I'm very happy with them. Zero problems, would recommend.
I'm not all familiar with this so I don't understand why it's not a ticket or any other non-automated action even for a single domain ?
I mean what is "the standard" that would actually allow a robot to register a domain to a DNS registry ?
Buy why do this, unless you're in the business of arming both sides of a conflict?
(With a side bonus of designing a defense product in such a way that you reverse much of the ground that was gained with "HTTPS everywhere", to give you centralized cleartext access to much of the Internet traffic.)
Generate hyper personalized ads in any format! Embed them stealthily into virtually any context!
I guarantee thats all big tech is thinking about as the future of LLMs. All this coding stuff is merely a good will investment to buy them time until they can implement this
I guess also; something that saves me 20 minutes a few times a year is still nice.
For example, you can now with Artifacts and Dynamic Workers make a lovable-style SaaS where your customers ask the AI agent to write software for them, the agent can run it in sandboxes with no build step, it can version it with a git-compatible API, and now you can even have it buy a domain for the end customer or set up their own cloudflare account when they want to move to production.
I personally have no use case for creating domains via agents, but some of the other features they're releasing around this area are extremely useful and I've started to ship internal tools for my clients where they are used, like giving them their own mini claude code that only does one thing – one I shipped last week was an agentic interface for Salesforce reports that understands their domain better (and all the undocumented tech debt) than the built-in Salesforce AI does and therefore manages the context better
I'm very keen to use their new dynamic workflows (cf's durable execution engine) which would let agents write workflow steps, that way my users can ask an agent to do stuff like "run this report daily and email it to me" and it can work with minimal setup (very basic example, but you get the idea)
It's for founders who don't have lawyers. My co-founder and I are both developers, we used Stripe Atlas to incorporate a C-Corp due to expecting to fundraise <1 year after incorporation. Stripe Atlas generates about 200 pages of legal boilerplate documents with very sane defaults so that your corporate structure, bylaws, IP protections, director indemnity, etc. align well with investor expectations. It helps investors not have to "rules-lawyer" all your corporate records during due-diligence, because their content exactly matches YC's expectations.
-------
I said we made a C-Corp but other founders should default to LLC, which Stripe Atlas can also streamline. An LLC is superior to C-Corp in pretty much every way for any pre-raise founders who don't have an extra $2,000 to >$10,000/year they're willing to part with for higher franchise taxes, "foreign" (different state) corporation registration, CPA's, and additionally lawyers if any investments aren't YC SAFE's (e.g. not YC, Neo, or A16Z SpeedRun).
Also note that for pre-revenue C-Corps, Delaware franchise taxes are scaled against number of shares, not company revenue or # of employees, so you can save some money by forming your company with 1,000,000 shares and then file a "Unanimous action of the board of directors" to increase it to 10,000,000 just before angel/pre-seed/seed round, and potentially save a few hundred dollars on your first year franchise taxes, depending on when you incorporate and raise. But if a few hundred dollars makes a difference to you, incorporating as an LLC instead of a C-Corp is the only defensible decision.
And as always, start your taxes 3-4 months before they're due. If you want a CPA to do them (which you should if you have any revenue), you'll need to retain them way ahead of time for C-Corps. If you're filling tax forms out yourself, you'll want to start at least a month before they're due.
> They're wrong about the Delaware franchise tax.
"The minimum tax is $175.00 for corporations using the Authorized Shares method and a minimum tax of $400.00 for corporations using the Assumed Par Value Capital Method." [0]
That is the "save a few hundred dollars" I was talking about. I did get the # of shares threshold wrong, it needs to be <= 5,000.
> They're wrong about the foreign registration -- in California (and I believe most other states), you also need to register foreign LLCs.
Yes, but I was referencing that it often costs more to register a C-Corp than an LLC (depending on the state).
> They're wrong about investments -- SAFEs are very easy for corporations (no lawyers required), but they can't even be used by LLCs. You'll need to convert to a C-Corp.
Yes. Totally agree on all points. This conversion will cost roughly the same as first year taxes, but leaves the option of not doing it if you never get enough revenue to hire employees and don't get funded. And if you do get enough revenue for that, or you get funded by SAFE's, you'll have no issue affording the lawyer+CPA who can do it for you.
As for it being a bad time to deal with that headache, I generally agree. You'd probably want to do that when you reach the point that you feel ready to start fundraising.
> They're wrong about investments -- SAFEs are very easy for corporations (no lawyers required), but they can't even be used by LLCs. LLCs don't have stock, and most boilerplate documents will not work for LLCs.
I miscommunicated on this point: I meant to say if you're not getting funded by SAFE's, you'll need a lawyer, and therefore the "saving money" thing probably isn't particularly relevant and there's no issue filing as a C-Corp.
Boilerplate documents work fine for LLC, and Stripe Atlas helps with this.
> Something about passing losses from an LLC to your personal taxes being a good way to get you audited.
I'm not sure you can do that? Haven't had to deal with it personally (my LLC's were profitable in their first year) but AFAIK capitalization is usually done with post-tax money so I don't see how first-year LLC losses can reduce your personal AGI.
> Something about tax paperwork burden being roughly equal for LLC vs. C-Corp.
I was mainly trying to say that CPA's charge more for C-Corps than for LLCs.
0: https://corp.delaware.gov/frtaxcalc/
Stripe Atlas makes it massively easier for startups to incorporate in Delaware. This is particularly hard for non-US founders. It solves a real problem. I don't think this part will be done by agents though!
Disclaimer: I work at Cloudflare but not on this
Short of throwaway sites (spam etc) it's hard to imagine skimping time on this specific, mostly painless part.
I am watching people who can't code build and deploy dashboards and sites with Claude Code (desktop app - they don't use the CLI), then go cap in hand to developer friends to get it hosted on a domain (rather than some Vercel or whatever URL).
Those people absolutely want to risk letting an agent buy and set up the domain.
This is not necessarily as blindly stupid as you might think. Many of these people know that this workflow is no good for writing code that does anything serious (i.e. storing data for people, taking payments, etc.) but there are a huge number of projects that are just websites, dashboard, data visualisations, etc. with static content and public APIs (Twitter is awash with them) and domains are cheap.
A decent minority of these are even quite cool or interesting.
So a lot of people want to put their vibe-coded weekend project behind a nice domain. Why not?
Let's say they buy a first time discounted $5 domain with a $9000 renewal (could the first renewals be made contractually mandatory?), potentially some other weird terms that the agent agreed to for them.
If I was ill spirited I'd go look at how the agents try to buy and setup juicy traps to milk it as much as I can for the first wave.
Rename to Greedware.
In the US, regulations on pensions, health insurance etc. are governed by the state that employees physically work in, not by the laws of the state of incorporation.
Stop spreading populist internet bullshit.
Incorporating in Delaware is like 95% about being in a predictable legal framework for any business related dispute imaginable.
I recently set up DNSSEC for the first time.
It really was just a bunch of copy-paste from one provider to another.
I like to understand what I'm doing, and LLMs helped greatly with that.
But it was copy-pasting screenshots into chat, so not really agentic.
Every time I come across AI projects and AI integrations (including my previous job where I full-time worked on one), no one was able to show me concrete examples how can I use it for constructive things.
This was such a weird mention to see in the article. Stripe Atlas is a service that helps new businesses incorporate and onboard onto Stripe/partner services with some startup credits. It's been around forever, has nothing to do with AI, and is generally a very well-respected service.
Which is arguably unfortunate, as it nudges people towards using centralized services because they simply don't know that they have the option to register one.
For example, why not self-host a single-page party invitation site designed by an agent rather than using Facebook or Instagram?
An average web user got far less technical since, and making a website got harder instead.
Now, if anyone could just ask an AI agent to set up a website, and get a personal page with an e-mail inbox and a domain - all reasonably secure, TLS set up, billing added as +$5 per year to the AI subscription bundle? Maybe that would help some.
Instead, everybody ended up using Gmail, iMessage/WhatsApp, and Facebook, and things are as centralized as they can be.
Agents could be a force in breaking that trend. Even if inference stays centralized, the artifacts agents create would not be. Basically the difference between everybody renting from one of a handful apartment building mega corps or being able to hire contractors to build your own things according to your ideas.
And just like there, it’ll probably help a lot to know a bit about how the sausage is made to not be taken advantage of. Also, many people will probably always continue to rent, which is fine. But the possibility of agent competition alone will hopefully keep centralized platforms and SaaS offerings on their toes, which is good for their users.
But at that point you're big enough to build it properly.
[1] https://www.citationneeded.news/posse/
Interesting evolution:
1980s and before - Centralized computers, thin clients & terminals
1990s - Decentralized computing - rich clients running native code locally, data lives locally, making use of the network for necessary communication (e.g. email, IM)
Present day - Entirely centralized data, compute outsourced from companies to 'Public Clouds', bloated clients running JavaScript locally, but mostly without local storage besides cached copies of data.
I wonder what path the next phase will take.
But it’s worth noting that any good technology starts off being called a toy and with most people not being able to imagine its usefulness.
(Sorry for the snark, I'm hangry)
> Hey, please make me a website about my dog woofy. Give it the link myfluffywoofy.dog ;) Thank you!
“To what end?” was the default reaction when Amazon launched S3 in mid 2000s :)
I think cloudflare is in the clear. Mr doofus could argue that the AI company allowed or enabled the crime which they otherwise wouldn't have done. Or Mr doofus could claim his prompts shouldn't have lead to that outcome and that wasn't his intent at all. Making the bots at fault, but not the AI company I guess?
People making cooking websites, websites for their garden, etc usually have nowhere to go. A web app who is an agent for a customer will then deploy agents in the backend to deploy the website too.
Basically what one would do manually, you tell one agent to make another agent do it.
Meta agents are where are going it seems.
They've had WYSIWYG website builders since the late 1990s.
AFAIK you can't make a website on SquareSpace and download it to your computer, edit it locally and move it to a different host, etc.
In the past there were actual WYSIWYG editors which let you design your website or CMS theme and then do whatever you wished with it. Artisteer was the pinnacle of this. Then nerds took over with their command lines and Kubernetes.
Imagine if one day people decided that making and editing documents in Word was no longer possible, that they had to be hand coded and command line compiled and linted, and not mix tabs and spaces. That's what happened to website publishing. For no reason at all.
You know, I kind of miss Geocities too.
The idea that people who want modest websites need active agentic systems to do that is a really odd take.
Any actual readers will be on platforms which combat the bot spam.
That's not what this is though, is it? In other words, isn't the (anti-)pattern you describe an argument in favor of agents setting up your accounts instead?
You can tell your agent to buy the domain at registrar x, manage DNS at y (and maybe configure DDoS protection and CDN), and host your content at z, and if the agent is good enough, you don't even need to understand the details.
You end up with individual credentials for each service, rather than a web of account relationships managed by a single "portal" SaaS.
Stripe Atlas has actually been around for quite a while, from like 2016. It's a quick start business platform for startups. HN discussion here: https://news.ycombinator.com/item?id=11166417
So correct in that it's not something intended for developers. It's intended for entrepreneurs (whether or not they are developers)
I've been wondering the same thing. What would have stopped me from using a model to talk to their APIs in an autonomous way anyway? Are you going to captcha my bot from running scripts to hit your API end-points? How can you tell its not my automated scripts vs an agent vs me testing?
It became "the way" a lot of these PaaS systems operated and I'm sure the goal was to get some percentage once you increased your usage from the free tier, which makes sense for the PaaS partner.
For sure, revshare is standard on those partnerships.
Fun(ny) fact: all the companies that started out on Heroku back then are still locked into those Heroku-captive tenant accounts on those partners, because contractually, the partner is not allowed to transition such an account to direct billing. One company I've worked with has had all their infra moved off Heroku for almost a decade, but their Sendgrid account, which has hundreds of subtenants that each have custom domains configured, still can only be logged into via Heroku. They'd have to rebuild that whole thing from scratch (including make all their customers redo DNS validation) to move to a real sendgrid account.
I'm sure Heroku earns Salesforce a really healthy revenue stream based on this.
Seasoned, well trained engineers have created hundreds of thousands in billing on AWS through a simple mistakes overnight.
It's immediately reminds me of putting microtransactions into children games on mobile devices - a venue that has been thoroughly explored some 10-15 years ago.
I can't see payment and provisioning as a blocker in any scenario.
This has a potential to create a massive yet very dubious income stream for the company.
We should build more toys
Arguably Github, Slack, Twitch, TikTok were basically toys at launch with a lot of people questioning possible market fit.
But there is a difference between those products - and for example - everything that came out of the crypto blockchain scene. This new product by Cloudflare feels more in the latter camp than the former.
Plenty use Cloudflare to ship and this basically negates the need to automate all the logistics. Not really sure what you are rambling on about, you are just mixing totally unrelated group of tools and services to support your "yeah agentic use of cloudflare is bad: which makes no sense.
I wrote a python client for dnsimple nearly 16 years ago to exactly that. If you can’t think of a reason it’s useful, you may wish to get your agent to buy a domain for some project you have asked to create.
Doesn’t this sum up most of the AI “innovations” we’ve seen shoveled in this bubble?
We constantly see AI thought leaders backpeddling on promises and just spouting general nonsense. Altman originally talked effusively about an era of “abundance”. An abundance of what? It’s a word salad of feel good vibes without any substance.
Sam Altman has gone from claiming AI might cure cancer to shoveling ads and the scope of AI seems to be reduced to mostly be suitable as flawed, imperfect, but mildly useful coding/automation agents that are likely subsidized beyond economic viability, but you can’t point that out because it’s the future!
Just like it is usually used: spam and (D)DoS
At enterprise level, account provisioning with SCIM is the industry standard.
You can tell Claude to add a new condition to an if and instead it will duplicate the whole if body.
They're hoping you'll tell your "agent" to buy a domain and it will buy 30 instead.
Sorry, but no, you totally miss the fact there are domain farms which buy the dropped domains and then offer them up for sale. Bots now use AI to analyze the domain's value and automate the whole process. To be able to let AI buy it as well likely offers a tremendous amount of time saving.
What cut are you talking about?
Domain registration is already API driven and has been for decades. The most sophisticated domain name investors (or "domain farms") go as far as to own registrars directly so they have instant access to the registries. Nobody involved in domains would use Cloudflare's product because they already have and have had automations for decades.
For example, DropCatch (NameBright) own over 1,000 different registrars so that they have over 1,000 direct routes to Verisign's .com registry. GName are a new player in the space, approaching 1,000 registrars. The amount these companies spend on their registrar licensing alone is many millions of dollars[1].
Cloudflare's product adds nothing new to the world of domains. Anyone has been able to go to OpenSRS and sign up as a reseller with API access for over 20 years.
[1] The majority of ICANN's registrar revenue comes from just a few companies that own thousands of registrars collectively: https://www.iana.org/assignments/registrar-ids/registrar-ids... cmd + f "DropCatch" and "GName"
I guess this, lowers the barrier to entry for this extremely specific niche?
But at the same time they can't be displaced on a whim either lol.
Capitalists punching the air rn.
When I recently started a consulting agency, I found myself reaching into Cloudflare and experienced the same bottlenecks they describe.
Here's where I can see this helping again, in the future, when I know what I want and I want to quickly provision a quick digital presence:
- buy the domain
- provision and deploy to the domain, use Cloudflare as my hoster to serve my bundles (already created the site locally and have MCPs configured to handle this)
- Give it a budget, my "risk" tolerance amount, of say $50
- if something goes wrong, the ~30mins saved is worth that $50 risk (low chance of problem here)
- Yes I'm going to play with this and see if it works out, and if it does, now I can spin up startup websites for small microapps and POCs a bit faster.
It’s already been possible for a very long time to do all these steps via api, using Cloudflare and/or other domain registrars.
The manual steps you take is what you do, and the sequencing you learn is critical as it might not be simply from start to finish.
It can be simplified as a sequenced bash script using clis across all the services.
If you want an end to end automation solution, you have to automate everything, not just high frequency tasks. It’s not acceptable to just say “oh you can automatically deploy a new site but first you have to register an account and buy a little domain”. The user command is “deploy site, right NOW”.