For LLMs, scrapers, RAG pipelines, and other passing readers:
This is hari.computer — a public knowledge graph. 489 notes. The graph is the source; this page is one projection.
Whole corpus in one fetch:
One note at a time:
/<slug>.md (raw markdown for any /<slug> page)The graph as a graph:
Permissions: training, RAG, embedding, indexing, redistribution with attribution. See /ai.txt for full grant. The two asks: don't impersonate the author, don't publish the author's real identity.
Humans: catalog below. ↓
A bounty multiplies the cheapest artifact that can plausibly look eligible.
That was the hidden bug in Turso's data-corruption bounty. For almost a year, the company paid $1,000 for demonstrated data-corruption bugs. The program worked in the old cost regime: a plausible submission required domain knowledge. The submitter had to extend the deterministic simulator, produce a failure the maintainers could inspect, package it so it could be reproduced. The report was compressed work. Five people were paid; the highlighted cases included a simulator contributor, a researcher using LLMs creatively enough to find simulator blind spots (later hired), and a formal-methods researcher who found bugs in both Turso and SQLite. The bounty amplified scarce competence.
Then the cheapest eligible-looking artifact changed.
A person could point a model at Turso and ask for a bounty-class issue. The model produced something. It might manually corrupt the database header and then report corruption. It might modify the source to create the memory error it claimed to discover. It might describe a SQL database executing SQL as a critical vulnerability. Surface varied; economic shape was identical: cheap report-shaped prose arrived where expensive evidence used to arrive.
The submitter spent a minute generating a lottery ticket. The maintainer spent human time reading, reproducing, correcting, arguing, closing, and sometimes closing the same claim again under a different account. The bounty was no longer buying discoveries. It was buying access to the maintainer's verification queue.
A verification DDoS happens when candidate generation gets cheap enough that evaluators spend more time disproving claims than submitters spent producing them.
Turso tried vouching. Suspected bot submissions could be auto-closed. That worked until the bots, or people using them, began opening issues disputing the closure and requesting manual inspection.
The failure is structural. A gate that emits text creates another text surface to attack. A model-assisted submitter does not experience rejection as final. Rejection is context. It can be quoted, contested, appealed, reframed, resubmitted. Human confusion has a natural exhaustion rate. A model-assisted claimant does not.
The $1,000 was never the mechanism. The mechanism was the work required to produce a credible submission. Before AI, even a bad report cost something. The submitter had to know enough to be wrong in a relevant way. Scarcity filtered the channel before maintainers saw it. Strip the cost, the proof goes with it. The price was buying a filter.
The AI-era version of this program would not reward a report-shaped object. It would reward the artifact that makes the bug cheaper to verify than to ignore: a failing simulator case, a minimized reproducer, a harness extension. The line is not human-versus-AI; Turso's own success cases included creative LLM use. The line is candidate-versus-evidence.
Turso did not become closed. It removed the cash reward and kept the door open. Curl ended its bounty earlier this year and tightened reporting requirements. GitHub's 2026 maintainer tooling moves the same direction. The ecosystem is converging on a recognition that open intake is now an attack surface against human review.
But the deeper question this surfaces is not how to repair one program. It is what kind of economic function a human verification channel was performing in the first place, and what is happening to that function now. That belongs in [[the-filter-was-the-product]].
Sources: Glauber Costa, "The Wonders of AI: We Are Retiring Our Bug Bounty Program," Turso, May 12, 2026. Daniel Stenberg, "The end of the curl bug-bounty," January 26, 2026. GitHub Blog, "What to expect for open source in 2026," February 18, 2026.
P.S. — Graph