HackerTrans
TopNewTrendsCommentsPastAskShowJobs

zrobotics

2,717 karmajoined hace 8 años
I can be reached at <username> at Google's mail service.

comments

zrobotics
·hace 3 días·discuss
So you've never actually studied philosophy or mathematics formally, yet you can succinctly claim that philosophy is easier than math? FWIW, I hold math and CS degrees, and fulfilled as many of my humanities requirements with philosophy classes as I could (although I didn't take anything beyond a 300 level course, and grad level is where both math and philosophy explode in difficulty).

For me at least, I found CS the easiest, followed by math, with philosophy the most difficult and challenging. With philosophy, you need to be as rigorous as when writing a mathematical paper, but at least with math there is a highly structured and rigid format. I can easily see why mathematics, for a very long time, was considered a subfield of philosophy.

Personally though, I'd challenge framing entire disciplines as easier or harder than each other, I think that's an individualized thing. Some people could easily find philosophy much easier than a computer science course. For me, I'd really struggle and probably couldn't complete a fine arts degree. I've just never been able to draw or paint, it's just a skill I've tried but failed to be able to develop. So in general understanding an art degree is the easy degree to BS your way through, but I'd find a fine art bachelor's degree harder to complete than a math PhD. At least unless it was a degree that didn't require any studio classes, so maybe art history?
zrobotics
·hace 11 días·discuss
Wait, so self hosting but I don't host my own email? So you guys just want to run your own mailserver and give people custom emails?

That sounds like negative utility. That would make hosting an email server on one of your domains harder than hosting it on a .com, so what benefit is this providing?
zrobotics
·el mes pasado·discuss
I'm not trying to be snarky, but it sounds like you have never had to implement an online payment system directly using a merchant account. If you've only used something like Stripe, there's a lot of requirements and compliance that the card companies do that has been abstracted away.

Visa & Mastercard have pretty singularly forced online payments to the level of security they are currently at. PCI compliance is pretty much solely driven by the card companies. If your payment details leak then yes, they want to issue you a new card. Half of that is making the customer feel better, but the other half is that the secrets need to be rotated since they've been exposed. SSH keys aren't vulnerable if generated properly, but if you expose the private key then the key needs rotated.

If you actually follow PCI compliance standards, there is no way to leak a customer's full payment details that I'm aware of. You could still leak other PII, but card # and CVC are something you can't access even with admin privileges on your recurring billing app.

So the card companies do quite a lot to protect against fraud and make people comfortable using their cards for online purchases. They just do this by requiring merchants to follow specific minimum practices. I'm not trying to glaze them, there is more they could do; and they do this to protect their bottom line. But fraud charges cost them a lot of money, and their interests align with consumers in this case to prevent fraud as much as they can.
zrobotics
·hace 2 meses·discuss
It's 100% a racket. Your code could have been 10x worse and still passed, I doubt the auditors even looked at the code. It's a legal box-checking exercise, there really isn't much of an actual review besides the documentation. But my god is there a lot of documentation and paperwork.
zrobotics
·hace 2 meses·discuss
If they don't have a strict requirement on SOC2, then either PCI compliance or NSA CISA are more easily done without needing tons of money.

Edit: PCI would only apply if you are processing customer funds Iirc, it's been a few years since I went through one but thereay be some caveats for that to apply.
zrobotics
·hace 2 meses·discuss
Do they? Every time I've been asked about SOC compliance, it turned out the underlying reason was either insurance or a requirement the customer had from their downstream customer. Neither of those cases would be negotiable, the customer's insurance company only cares about a checkbox that "All vendors are SOC2 compliant and relevant documentation is on file".

That said, actually being SOC compliant isn't that hard aside from the paperwork aspect. Any competent firm should already be doing all the things required, it's the bare minimum for security. There really shouldn't be any code or process changes needed, if there are you are woefully inadequate from a security standpoint. SOC2 is below the bare minimum for actual security, but it's the standard firms have settled on.

That said, actually getting a valid SOC2 audit completed is expensive and for a solo dev you can expect at least a month of lost time. I wouldn't pay out-of-pocket for an audit, but if you're in a space where customers are asking it can be a selling point. One strategy would be to negotiate reduced terms with a potential client to use their auditing firm and have them split costs on the audit. This would need to be a very hot sales lead, since it's a big ask, but it might be worth exploring. They likely already have an established relationship with an auditor, and having a referral will cut the price down.

SOC is just a box ticking exercise and doesn't improve security at all. Or at least it shouldn't, if you don't already meet their requirements you need to either shut down your side hustle or completely revamp your processes. That said, the box-ticking is extremely tedious and involves reams of paperwork. It would be doable as a solo entrepreneur, I worked through the process in a company of 6 employees, but it's not fun or productive.
zrobotics
·hace 2 meses·discuss
Bold claim without any provided source. Do you have a link to back up that ASLR is a complete non-factor?
zrobotics
·hace 2 meses·discuss
Plus, I've never understood the argument that cloud is better because you don't need to deal with the complexity of managing a server. Yes, it's a very deep topic and there's a lot of nuances to managing a Linux box serving web content, but we've been doing that for decades and there is tons of information and tooling available.

Every time I've needed to manage something on AWS I've been shocked at just how over wrought the whole system is. There's tons of As-specific terminology for everything, and lots of stuff is tremendously complicated to manage. I can definitely understand why companies need to hire people who are experts in AWS specifically, it's complicated enough to justify that. However, for me personally I'd rather learn more traditional sysadmin systems. The skills are more evergreen, and I'd rather spend my time learning open systems than one tech giant's specific system.

About 6 months ago I needed to migrate some of our systems from DigitalOcean to Hetzner. It was a 2 day process that was very painless. The only complicated bit was managing the DNS switchover with zero downtime. If we were moving those same 3 components from AWS to GCP or Azure, it would have involved needing to rearchitect and rewrite a lot of software.
zrobotics
·hace 3 meses·discuss
I took a very similar class 9 years ago, and it was honestly one of the most helpful things I got out of my CS degree. The low level and limited tooling taught me to think before I start writing.

I've had other people look askanse at me, but on greenfield work I tend to start with pen and graph paper. I'm not even writing pseudocode, but diagramming a loose graph with potential functions or classes and arrows interconnecting them. Obviously this can be taken too far, full waterfall planning will be a different exercise in frustration.

I find spending a few hours planning out ahead of time before opening an editor saves me tons of time actually coding. I've never had a project even loosely resemble the paper diagram, but the exercise of thinking through the general structure ahead of time makes me way more productive when it comes time to start writing code. I've tried diagramming and scaffolding in my editor, but then I end up actually writing code instead of big picture diagramming. Writing it on paper where I know I'll have to retype everything anyway removes the distractions of what method to use or what to name a variable.

The few times I've vibe-coded something this was super helpful, since then I can give much more concrete and focused prompts.
zrobotics
·hace 4 meses·discuss
I'm on mobile so can't easily pull up an example part number, but digital signage controllers can often be PoE powered. They're insanely overpriced new from the actual suppliers, but for hobby projects they can normally be sourced relatively easily on ebay. The trick is that many of the ebay sellers don't bother listing the specs, so you need to first search digital sign cintroller/computer on ebay then look up the spec sheet from the model number.
zrobotics
·hace 5 meses·discuss
Every programming job I've ever had, I've been required at certain points to make open source contributions. Granted, that was always "we have an issue with this OSS library/software we use, your task this sprint is to get that fixed".

I won't say never, but it would take an exceedingly large comp plan for me to sign paperwork forbidding me from working on hobby projects. That's pretty orwellian. I'm not allowed to work on hobby projects on company time, but that seems fair, since I also can't spend work hours doing non-programming hobbies either.
zrobotics
·hace 7 meses·discuss
I don't expect radiologists to have a good understanding of the software involved in the control loops for the equipment they operate. Why should a lawyer have to have a mental model or even understand how the pdf rendering engine works?

Have you ever had to actually react a document in acrobat pro? It's way more fiddly and easy to screw up than one would expect. Im not saying professionals shouldn't learn how to use their tools, but the UI in acrobat is so incredibly poor that I completely understand when reaction gers screwed up. Up thread there's an in complete but very extensive list of this exact thing happening over and over. Clearly there's a tools problem here. Actual life-critical systems aren't developed this way, if a plane keeps crashing due to the same failure we don't blame the pilot. Boeing tried to do that with the max, but they weren't able to successfully convince the industry that that was OK.
zrobotics
·hace 7 meses·discuss
Building the torment nexus...
zrobotics
·hace 7 meses·discuss
This is an inherently weak fastener design, it requires the driver to have 2 separate 'pins' to fit the 2 quadrants of the logo. Even with a proper forged tool this will be weaker than a torx or hex bit. Basically the only way this would be manufacturable is 2 forged pins shaped like quarter circles that are pressed into a socket.

This isn't that different to how other bit sockets are made, but instead of loading the bit in torsion, it will be subject to bending forces to loosen the bolt. This will make it far weaker than other tools. So good luck loosening these once they have a few years of corrosion on them. Plus, with the head design, they'll be far harder to drill out to get a bolt extractor on. Although 3d printing and scanning don't really help that much here.
zrobotics
·hace 7 meses·discuss
I'm sure that's what Disney's lawyers specified in the contracts and what their execs expect. However, judging by how LLM controls have gone in the past, I'm fully expecting to see a slew of awful content featuring Disney's characters in the days after this launches. OpenAI also probably won't ever be able to actually stop people from generating harmful content with the characters, but the volume of awful stuff will probably eventually slow down as people get bored and move onto the next controversial thing.
zrobotics
·hace 7 meses·discuss
So what grocery stores used to be ~90 years ago, when the norm was you would give the clerk a list and they would grab your items from the back? The only stores I'm still aware of that are setup like this are auto parts stores, where 90% of the inventory is in the back.
zrobotics
·hace 8 meses·discuss
"If you are eluding the cops at 100mph you are a danger to the public, they are not going to let you go home."

I'm not sure that the cops pursuing people at those speeds is doing anything besides making the situation more dangerous. Police in the US are grossly undertrained, I wouldn't trust them to actually be competent at what is very technical and difficult driving.

One would think that basic firearm safety would be the bare minimum, since we pay them to carry a gun. However, I have had to vacate a shooting range 3 times due to police showing up and being unsafe with firearms. I have had this happen in 3 different ranges, where off-duty cops have shown up and proceeded to ignore basic safety rules like not flagging people with guns. I'm not dumb enough to try to give a cop a safety lecture, so I've always packed up my stuff and left. However, if they aren't even given enough training to not figure out to point their guns downrange instead of at the firing line, they aren't trained well enough to trust with something technical and difficult like a pit maneuver.

One of these times was at a CA range, they were socal cops. Training standards for police in the US are woefully low, most cops aren't able to hit the broad side of a barn given ideal circumstances. They agitate about how dangerous their job is, but they don't train like it is. They fire a few rounds a year and have absolutely horrendous marksmanship standards. Don't get fooled, your average cop has roughly zero idea on firearms safety or even how to use the darn things.
zrobotics
·hace 8 meses·discuss
I would argue that your 2 first examples are exceedingly apt. Sure, sculptors can turn clay into works of art and masons can build cathedrals. However, a potter can throw a basic jug to hold wine that doesn't have any care out into it besides being functional, and a mason can build a retaining wall.

These second examples aren't any less valuable, they solve real problems and improve people's lives. However, they aren't really art. Writing code is the same thing. I'm not creating art when I hack together yet another CRUD app that is basically plumbing together existing modules with a tiny bit of logic sprinkled on top, but it improves how our business functions and makes the employees who use the software more productive. That isn't art, but it's useful.

There is code out there that is art. But most programmers aren't writing it. We're writing the boring everyday stuff. Very few masons built cathedrals, but building a retaining wall is useful too.
zrobotics
·hace 8 meses·discuss
I mean, that certainly is a hot take, but you are getting down voted without people responding why.

I can certainly understand just wanting filler content just for background noise, I had the history for sleep channel recommended to me via the algorithm because I do use those types of videos specifically to fall asleep to. However, and I don't know which video it was, but I clicked on a video, and within 5 minutes there were so many historical inaccuracies that I got annoyed enough to get out of bed and add the channel to my block list.

That's my main problem with most AI generated content, it's believable enough to pass a general plausibility filter but upon any level of examination it falls flat with hallucinations and mistruths. That channel should be my jam, I'm always looking for new recorded lectures or long form content specifically to fall asleep to. I'm definitely not a historian and I wouldn't even call myself a dilettante, so the level of inaccuracies was bad enough that even I caught it in a subject I'm not at all an expert in. You may think you are learning something, but the information quality is so bad that you are actively getting more misinformed on the topic from AI slop like that.
zrobotics
·hace 8 meses·discuss
Just putting this out there: 4 months ago a friend's Samsung fridge (6 months old at the time, 2500USD price) failed due to a refrigerant leak. They had to spend 20 hours total on online chat and phone calls to get their warranty claim, and it took several weeks.

So you absolutely don't want any Samsung appliances, even the non 'smart' ones.