HackerTrans
TopNewTrendsCommentsPastAskShowJobs

steventhedev

no profile record

comments

steventhedev
·vor 2 Monaten·discuss
The dirty secret if you work inside BigCorp and look around at the projects they're showcasing:

1. They're low stakes to get wrong.

2. The most common is MCPs or similar ai-tooling.

3. Making them look good takes time and effort still. It's a multiplier, not a replacement.

4. Quality and maintainability require investment. I had to restart an agentic project several times because it painted itself into a corner.
steventhedev
·vor 4 Monaten·discuss
The entire point of this is that the complexity is encapsulated on the signing side - not the verifier. So it's more that you would split the keys between systems you control - say the reverse proxy and the application server.

Or one that's checked into your version control (representing that it is your company's code that's running) and one that lives on the server (representing that it is a server your company controls).

Or to take your example - a key in the repo, a key from the dev, and a key from the build server.
steventhedev
·vor 9 Monaten·discuss
More like a failure on TechCrunch. There is an implied agreement and violating it will result in a flat refusal to talk outside of prepared press releases.

This isn't good journalism and should not be celebrated.
steventhedev
·vor 10 Monaten·discuss
Reading through that I stand corrected. Thank you for sharing a link.

At the same time, if a US person applies and is similarly qualified, they must be offered the job.

Which is trivially abuseable by offering substantially less for the H-1B position. I'm not sure if there's an easy policy solution for that.
steventhedev
·vor 10 Monaten·discuss
No.

The H1-B visa is intended for bringing specific technical expertise that does not exist in the US for a set period of time. This is why one of the requirements is that you must have interviewed US persons first. Its the same reason it's a nonimmigration visa.

The rampant abuse of the visa has a remedy - criminal charges against the HR directors of any company who is found to have committed fraud, and capping the number of visas per company (setting up many shell companies is a strong signal that fraud is being committed).

If an H1-B worker can't negotiate on a global level for their expertise - they should not be on that visa.
steventhedev
·vor 10 Monaten·discuss
%cpu is misleading at best, and should largely be considered harmful.

System load is well defined, matches user expectations, and covers several edge cases (auditd going crazy, broken CPU timers, etc).
steventhedev
·vor 2 Jahren·discuss
You are writing this as if security was a newly invented thing. Having done systems level security development for 12 years, anything that can be produced maliciously will be. By using JSON, you've invented a new vulnerability class for malicious deserialization attacks.

Actually, not new. Earliest CVE I found was from 2017, which feels a decade later than it should be. I guess no one thought of pushing JSON over trusted interfaces, and probably for good reason.
steventhedev
·vor 2 Jahren·discuss
The danger I see is that JSON has lots of edge behavior around deserialization, and some languages will deserialize a 100 digit number differently. If the main benefit is removing the broker and the need for rate limiting - it could have been accomplished without using JSON.