HackerLangs
TopNewTrendsCommentsPastAskShowJobs

cvwright

2,229 karmajoined vor 12 Jahren
Recovering academic. Security and privacy research engineer.

comments

cvwright
·vor 7 Tagen·discuss
[flagged]
cvwright
·vor 9 Tagen·discuss
You should try writing a design doc with the AI before you have it write the code. It will make random extrapolations from your first prompt, some good and some bad. Then you get a chance to argue back and forth with yourself with the robot as a helper.
cvwright
·letzten Monat·discuss
The best early example of this is that Anthropic is already eating the lunch of all the new “AI security audit” companies. And they were only a few years old.

Those guys certainly thought they were being novel and creative, using AI to disrupt an expensive and labor intensive business model. But now with Claude Security, their own market share is going to be gobbled up before they can even get established.
cvwright
·vor 2 Monaten·discuss
Unfortunately even in the old days, a truly good programming book like you’re describing was depressingly rare.

Younger me really enjoyed some of the game programming books by Andre Lamothe.

Most “Learn Language X” books were terrible with over focus on syntax and very little thought into organization.
cvwright
·vor 2 Monaten·discuss
LLMs are bringing us back to all the “proper” software engineering stuff that we’ve always known we should be doing, but until now we never had enough time/people/money to do it right.

Brainstorming and research before writing a design.

Writing a design or spec before writing the code.

Comprehensive unit tests.

Etc etc etc.

Like you, I get vastly better output from the tool when I create a detailed spec in markdown before I let it start coding. And bonus, the LLM is pretty good at helping with the spec too.
cvwright
·vor 2 Monaten·discuss
You’re arguing that we have too many PhD students in CS, not too few.

I agree with you fwiw.
cvwright
·vor 2 Monaten·discuss
re: incentives, my proposal was always to let schools pay their football and basketball players, but require that grad research assistants are paid the same.
cvwright
·vor 2 Monaten·discuss
I worked a ton in grad school, and it definitely sucked at the time.

But it’s crazy to complain about getting paid to go to school. A grad stipend is there to minimally support you so you don’t have to get another job and can focus on your research. It’s not supposed to be a career!
cvwright
·vor 2 Monaten·discuss
Even that press release never claimed that Mythos was better than Opus at finding bugs.

They claim the huge advance is in exploiting the bugs.
cvwright
·vor 2 Monaten·discuss
The word “exploit” may be doing a lot of work here. In my experience Opus 4.6 is perfectly happy to provide test cases that trigger ASAN, even without the super secret squirrel security access.

But if you ask it to get you a shell it’ll probably tell you to get lost.
cvwright
·vor 2 Monaten·discuss
It’s been said that the British executed about 1% of their population each year for a few hundred years, and that a similar number died in prison.

The claim is that this made Britain a much safer country in later centuries.
cvwright
·vor 2 Monaten·discuss
New section, like pre-crime but for history. Pre-history.
cvwright
·vor 2 Monaten·discuss
And you don’t have to worry that some random passenger will piss, puke, or shit in the Waymo during your commute.

The first two happened to me within the span of a month during the three years that I rode Trimet in Portland.
cvwright
·vor 3 Monaten·discuss
Unless the data is a lagging indicator
cvwright
·vor 3 Monaten·discuss
Are Mississippi and Louisiana at the top of the pay scale?

Then why are their reading scores improving so dramatically compared to wealthier states? Especially for under-privileged populations?
cvwright
·vor 3 Monaten·discuss
Because the Brits will never be accepted by the locals as a Thai or Vietnamese or whatever, and they know it.

Whereas in western countries we have “new Germans” or “new British” from all over the world.
cvwright
·vor 3 Monaten·discuss
It’s easy to find sketchy lines of code in any large C project.

The big advance that they are claiming with Mythos is the ability to triage all the hundreds of candidate vulns and automatically generate exploits to prove that the real ones are real. And if they’re really finding 27-yr-old 0-days in OpenBSD, then it’s not just hype.
cvwright
·vor 3 Monaten·discuss
Right. It’s things like Baltimore (when I lived there) requiring that high speed internet had to roll out in poor areas first, before it could go into the rich neighborhoods.

But this was the early 2000s and the internet was still “new”. Only the richer areas cared and were willing to pay the price. Letting them have first (or even equal!) access would have made it easier to fund the rollout in low income areas.
cvwright
·vor 3 Monaten·discuss
I thought that was kind of how the hard sciences work already?

My grad school friend who was a physicist would write his talk just before his conferences, and then submit the paper later. My experience in CS was totally backwards from that.
cvwright
·vor 3 Monaten·discuss
Find-then-patch only works if you can fix the bugs quicker than you’re creating new ones.

Some orgs will be able to do this, some won’t.