HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rpodraza

no profile record

comments

rpodraza
·قبل 4 أشهر·discuss
At this point I'd highly recommend everyone to think twice before introducing any dependencies especially from untrusted sources. If you have to interact with many APIs maybe use a proxy instead, or roll your own.
rpodraza
·قبل 4 أشهر·discuss
Press x to doubt
rpodraza
·قبل 4 أشهر·discuss
Looks like AI agents together with np and postinstall scripts are a match made in heaven!
rpodraza
·قبل 5 أشهر·discuss
This is great in theory, but answer me sincerely: are you spending less time at work because of AI? Because I reckon for most programmers here it is not the case at all.
rpodraza
·قبل 5 أشهر·discuss
I think you are completely oblivious to the problems plaguing the NPM ecosystem. When you start a typical frontend project using modern technology, you will introduce hundreds, if not thousands of small packages. These packages get new security holes daily, are often maintained by single people, are subject to being removed, to the supply chain attacks, download random crap from github, etc. Each of them should ideally be approved and monitored for changes, uploaded to the company repo to avoid build problem when it gets taken down, etc.

Compare this to Java ecosystem where a typical project will get an order of magnitude fewer packages, from vendors you can mostly trust.
rpodraza
·قبل 5 أشهر·discuss
What problem is this guy trying to solve? Sorry, but in the end, someone's gonna have to be responsible and it's not gonna be a computer program. Someone approved the program's use, it's no different to any other software. If you know agent can make mistakes then you need to verify everything manually, simple as.
rpodraza
·قبل 6 أشهر·discuss
Maybe I'm paranoid, but allowing any coding agent or tool to execute commands within terminal that is not sandboxed somehow will be prone to attacks like that
rpodraza
·قبل 6 أشهر·discuss
Huh? I go to a nearby cafe solo, all the time, and a lot of other people do, for instance, to read. That's how I met couple of them, actually.
rpodraza
·قبل 7 أشهر·discuss
I'd rather start a completely new, better language for the browser.
rpodraza
·قبل 9 أشهر·discuss
Good luck writing Java with notepad.
rpodraza
·قبل 9 أشهر·discuss
The author of this post reponds like AI
rpodraza
·قبل 9 أشهر·discuss
I would honestly do so, but if I want to run games and music production stuff (like Cubase) I'm pretty much forced to be on Windows.
rpodraza
·قبل 10 أشهر·discuss
I spill my drink!
rpodraza
·قبل 10 أشهر·discuss
If you're a junior and using AI to generate code, someone has to review it anyway, plus you're not learning on the job. So what's the point if the senior person can generate the code herself?
rpodraza
·قبل 10 أشهر·discuss
Someone should eradicate the npm ecosystem and start from scratch. No sane package manager would allow to run arbitrary scripts or download stuff from God knows where, like random github repos.
rpodraza
·قبل 10 أشهر·discuss
It looks like they actually got infected as well. So it's not only that, their security practices seem crap
rpodraza
·قبل 11 شهرًا·discuss
If they are so concerned with "model welfare" they should cease any further development. After all, their LLM might declare it's conscious one day, and then who's to decide if it's true or not, and whether it's fine to kill it by turning it off?