HackerTrans
TopNewTrendsCommentsPastAskShowJobs

weiliddat

150 karmajoined قبل 7 سنوات

Submissions

$10k bounty to break Pydantic's Python interpreter / sandbox

hackmonty.com
3 points·by weiliddat·الشهر الماضي·0 comments

Hypothesis Testing with E-Values

arxiv.org
3 points·by weiliddat·قبل 6 أشهر·0 comments

Client-side text sharing via compressed URLs

btoa.link
1 points·by weiliddat·قبل 7 أشهر·0 comments

comments

weiliddat
·قبل 6 أيام·discuss
I was curious how have sentiments changed over time. Brief LLM-based analysis: https://ampcode.com/threads/T-019f32ac-3b1e-74be-ad63-5f175d...

Overall, seems like it got more nuanced over time - even though it's still broadly in favor of SQL. Favor for ORMs (flagged also as a term that can mean many things to different people) is more in terms of type safety, mapping, migrations, etc. so more a library/utility rather than a framework that fully abstracts away the database.
weiliddat
·قبل 17 يومًا·discuss
> Often, it takes 5-6 broken crappy versions of a thing until you understand that. There is no accelerating the 5-6 broken crappy versions - there’s no agent tech that’s going to help your meat brain avoid thinking time.

Fully agreed. Though I found that, once I found a harness (prompt + skills + model) that I trust to do most things the way I like it, it has sped up the coding/exploration part of that process.

Although the iterations are faster, it's still taking me almost the same amount of effort to go through those crappy versions, because I still need to understand and adjust my mental model of what ideas, principles, design apply for the solution, and what to try next.

So, in the end, I do feel like I'm expending more mental effort in a shorter amount of time (with some effort saved on writing the code, which wasn't that much to begin with once you're proficient). It's a weird feeling, like I'm "only" prompting and reading code, but I feel equally mentally spent, or sometimes more because of the compressed iteration cycle.
weiliddat
·الشهر الماضي·discuss
No harm done, glad I clarified.

I'm generally an optimistic person and very trusting of others. I'd say I'm also a pretty good reader of intentions / listener based on people who are my friends / worked with me (anecdotal of course, take it how you will).

However, some of the comments in the GitHub issue... I can only assume the worst of intentions to ruin any/all motivation of the maintainer. Given we've seen social engineering and other attacks on other open source projects with increasing frequency, I can only assume that there are ulterior motives in such comments.

I cannot otherwise see how those comments would be constructive towards the maintainer or the other participants in the issue.
weiliddat
·الشهر الماضي·discuss
Supported is different from doing it well though. You do notice the performance hit even on TVs that playback YouTube videos on AV1.

Even on 1080p videos running on AV1 on 1x, the TV system bogs down and any kind of interaction has a variable 1-3s lag. On some TVs if you do 1.25x the TV automatically "downgrades" the resolution to 480p to avoid dropping frames.

I wish there was an option to still use VP9 / H.264 on those systems (even limited to 1080p).
weiliddat
·الشهر الماضي·discuss
I'm not sure how to interpret your comment. It could be

- a response to my comment saying that I am "illiterate" and cannot differentiate LLM output vs actual human comments (in that case I'm not sure what you're adding to the discussion here beyond a personal attack)

- a general comment saying it's getting harder for people in a position similar to us (i.e. tech / tech-adjacent who interact a lot with others who write with LLM assistance or via LLMs) to differentiate human/AI output.

I'll assume good faith and you mean the second. In that case maybe you can explain the "fundamental problem" you're referring to?
weiliddat
·الشهر الماضي·discuss
Maybe I'm getting too skeptical. I have a feeling increasingly many of the comments on HN and the GitHub issue are just bots ragebaiting other people (incl. the maintainer)...
weiliddat
·الشهر الماضي·discuss
One thing that OpenRouter makes easy is the ability to manage API keys (mint new ones, expiry/limits per key, etc.) that I wish that other providers would make possible/easier.

So many use cases, like sharing AI/assisted features externally, with the ability to use those features but also limit the fallout if its shared / used for other purposes, without jumping through more fallible hoops like safeguards etc.
weiliddat
·قبل شهرين·discuss
Is the intent of Linux the architecture, or the philosophy of free / open source software?
weiliddat
·قبل شهرين·discuss
Also curious. With tool calls reading/searching different files, possible compacting reading a large codebase / long threads, I can't imagine how you hit 99% cache rate.
weiliddat
·قبل شهرين·discuss
> Unfortunately it will all probably sort of work, But best not to dwell too much on how the sausage is made, it is pretty unpleasant.

Interestingly, most long-running codebases are like that, no?

It's just that producing (incl. reviewing/testing and all those, even AI-assisted) that amount of code in a significantly shorter period of time highlights this discrepancy much more to us.

Boiling frog
weiliddat
·قبل شهرين·discuss
Let's go one step further and think about why OSS maintainers generally approach security vulnerabilities the way they do (even pre-AI), and why some people has a significant negative reaction to this type of bug/security/issue reporting approach.

What happens if they treat every single report with the same effort and seriousness regardless of how it is reported? What happens if they dedicate too much effort in wild goose hunts while disregarding the more mundane/concrete security and maintenance work? How would an attacker take advantage of this process?

If you work in software, maybe you've encountered this yourself, in orgs where they don't have good processes around reporting bugs/issues. You essentially get DoSed by noise. You get tons of issues from customers (or internal stakeholders representing them), some barely describing stuff like "hey X can access Y, don't think they should" without any context (or even refusing to provide further information even after you ask), forcing you/CS to prune down all possible paths based on audit logs and their permission settings and so on.

Customers (in this case I'd say OSS users are customers too) can say "yeah this is the responsibility of the maintainers/vendors, why should I even care to report things a certain way, be glad I even told you at all" but IME this social posture is terrible for both parties. Even in commercial relationships, the best customers I've had were ones that reported issues that were concrete and reproducible. The chances I can fix it almost immediately goes up in orders of magnitude. The customer gets what they want and my job is simpler.

Even the core claim of the article, "this is a systemic issue", isn't fixed by a carrot disclosure. They don't imply an organizational/structural issue, merely a legacy one (inheriting stuff from gitea/gogs). What do you gain more by putting social-political pressure on an OSS project, if it's not a social-political problem?

The post reads more like an emotional response (frustration) rather than a productive one.
weiliddat
·قبل شهرين·discuss
Reading this and mitchellh's post I was curious about code archival services, and found a few projects.

GitHub has their own: https://archiveprogram.github.com/

Software Heritage is a non-profit funded by UNESCO: https://www.softwareheritage.org/2019/08/05/saving-and-refer...

Although they're mostly the code / commit history, not so much surrounding metadata like issues, PRs, discussions, wiki, etc.
weiliddat
·قبل شهرين·discuss
I would be very curious which programmers you have in mind when comparing to llms. Like the median programmer, or like the top 10%.

I feel like we've passed the point where an average-effort Claude Code / Cursor / Codex initialized (like basic docs, skills) project would produce a better product (not just code) than if you hired a median programmer to work on that project.
weiliddat
·قبل شهرين·discuss
Hmm I would hope that's for better quality (if there's somehow model-specific optimizations) or search/retrieval methods down the line. But can't help but feel like the labs/providers might try to lock-in customers by making things non-portable/opaque.
weiliddat
·قبل شهرين·discuss
I'm still optimistic. I think the number hasn't gone down, just the ratio. Software still offers a relatively well paid and comfortable career, so you naturally get people who just want to do a good job and that's it. Nothing wrong with that.

Used to be nerds hanging out on IRC, distributing Slackware, hacking trialware, modding games, etc. that had the passion and problem solving determination to do software work, which used to be harder due to lack of access to information.

OTOH what a great time for a budding engineer. I'm in my mid 30s, and no longer have the same stamina and passion as in my teenage/20s, but in the last 5 years I've learnt so many things I could not have done so back in the day. I learnt and experimented way more around random topics like compilers, OS, electronics, databases because of ease of access to information, AI (:shrug:), even though I have way less free time.
weiliddat
·قبل شهرين·discuss
I think it doesn't need to be a large X% increase, just needs to hit some critical infra threshold where various services start failing and cascade. Weakest link and everything.
weiliddat
·قبل شهرين·discuss
I suspect the harness (of which AGENTS and skills and similar things) should be abstracted for better overall performance. This article doesn't really go into detail about model preferences, but some other benchmarks show that different models have differnt preferences of how to use certain tools (probably related to their post training material), and it should really be managed invisibly to me as the end user.

Also curious how well LLMs can self-reflect in a loop, in terms of, here's how the previous iteration went, here's what didn't go well, here's feedback from the human, how do I modify the docs I use in a way that I know I'll do better next time.

I know you can somewhat hillclimb via DSPy but that's hard to generalize.
weiliddat
·قبل شهرين·discuss
This is more a harness thing signaling the presence or forcing a read on AGENTS/CLAUDE.md right?
weiliddat
·قبل شهرين·discuss
I think it's more people are checked out (and AI is one part of it yes), made worse by orgs who don't know how to lead/manage/change effectively.

FWIW, some people used to (or still do) say similar things that software is significantly worse because people use "unserious" languages like PHP, Ruby, Python, JavaScript. It brought about so much cool shit that I don't think it's worth saying we should've stuck with only C and Java.
weiliddat
·قبل شهرين·discuss
Ah that’s super cool. Wish I knew about this a week earlier. Just last week I got the iLoud sub to correct speakers for my living room because I wanted a standalone piece of equipment that’s not my PC that can hold the corrected EQ/phase.