You are making the false assumption that all token consumption costs the same when it doesn't. Yes, in the limit the price to serve the model and generate a response is O(tokens), but when tokens is smaller it can be cheaper to generate a new token than when tokens is bigger. If other harnesses prompt with more tokens than Claude Code it can be more expensive to serve.
They have limits. I don't care how expensive it is to serve, I'm paying them for a given amount of tokens (a limit which THEY SET) and they want to also dictate where I spend those tokens.
The plans do not say how many tokens you get. People are paying for access. Higher plans get more usage. The marketing and support material of the plans only use the word "usage" and never "tokens."
Sounds backwards -- your company is getting the benefits of your increased productivity and doesn't want to pay for it. I'm not sure that's Anthropic's problem?
It's like I was a graphic designer and my finance company said "Photoshop is too expensive". I wouldn't be mad at Adobe for it.
In most countries the H.264 patents have already expired; for instance, in Europe they have expired, but in the USA not yet (in the USA most patents should expire towards the end of next year).
So that firm might try to squeeze every penny they can before the expiration of the patents.
Since pretty much the beginning it wasn't and the documentation explicitly warned not to make it public, exposing it to the internet. It included information on how you can properly forward the gateway port to your machine without opening it up to the internet.
Also it doesn't take 18 steps to uninstall. The steps provided are the steps he took stumbling around trying to remove every trace of it, but it is in no way the optimal method.
And for 5 there should be help on the NPM end to make it so that the alarms can fire before the new update is actually revealed to the public. There could be a short staging time where it could be revoked before any harm has been done. During this staging time NPM should also scan the package through a malware scanner before allowing it to go public.
I agree that would be nice, but NPM absolutely will not do any basic supply chain integrity work. They are actively opposed to it, citing concerns that it might turn off lower-skill developers that would be too annoyed by tapping a yubikey to sign releases or code. I have talked to them enough times over the years to have completely given up here.
What's even more stupid is they actually started mandating 2FA for high risk packages, and FIDO2 supports being used to actually sign artifacts, but they instead simply use it for auth, and let releases stay unsigned. Even the developers they insisted hold cryptographic signing keys, they insist on only throw-away signatures for auth, but not using them for artifact signing to prevent impersonation. It is golf clap level stupid.
Consider them a CDN that wants to analyze your code for AI training for their employer and nothing more. Any security controls that might restrict the flow of publishing even a little bit will be rejected.
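The staging window proposed in the thread can be approximated on the consumer side by refusing any version that has been public for less than a cooldown period. The sketch below is an added example, not code from the thread or from npm; it assumes the `time` map found in the registry's package metadata document, and the function names, sample data and 72-hour window are constructed for illustration.

```javascript
// Added example: consumer-side "staging window" for npm packages.
// Input is the `time` map from registry package metadata (version -> ISO time).
// Sample data and the 72-hour window are constructed, not taken from the thread.
const HOUR_MS = 60 * 60 * 1000;

// Parse a plain x.y.z version; return null for prereleases and for the
// non-version keys "created" and "modified" that the map also carries.
function parseStable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Return the newest stable version that has been public for at least minAgeMs,
// plus the versions skipped for being too fresh. Unparseable or future
// timestamps are treated as too fresh (fail closed).
function selectAgedVersion(timeMap, nowMs, minAgeMs) {
  let best = null;
  const tooFresh = [];
  for (const [version, published] of Object.entries(timeMap)) {
    const parsed = parseStable(version);
    if (!parsed) continue;
    const publishedMs = Date.parse(published);
    if (Number.isNaN(publishedMs) || nowMs - publishedMs < minAgeMs) {
      tooFresh.push(version);
      continue;
    }
    if (!best || compareVersions(parsed, best.parsed) > 0) {
      best = { version, parsed };
    }
  }
  return { version: best ? best.version : null, tooFresh };
}

// Constructed sample: 2.4.1 was published two hours before "now".
const sampleTime = {
  created: "2023-01-10T09:00:00.000Z",
  modified: "2025-03-01T12:00:00.000Z",
  "2.3.9": "2024-11-02T08:30:00.000Z",
  "2.4.0": "2025-02-01T10:00:00.000Z",
  "2.4.1": "2025-03-01T10:00:00.000Z",
  "3.0.0-beta.1": "2025-02-20T10:00:00.000Z",
};
const now = Date.parse("2025-03-01T12:00:00.000Z");
console.log(selectAgedVersion(sampleTime, now, 72 * HOUR_MS));
```

A cooldown like this only delays exposure; it helps when a malicious release is reported and pulled within the window, and does nothing for one that goes unnoticed longer.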