HackerTrans
TopNewTrendsCommentsPastAskShowJobs

brunoborges

no profile record

Submissions

[untitled]

1 points·by brunoborges·12 दिन पहले·0 comments

[untitled]

1 points·by brunoborges·पिछला माह·0 comments

[untitled]

1 points·by brunoborges·पिछला माह·0 comments

[untitled]

1 points·by brunoborges·2 माह पहले·0 comments

[untitled]

1 points·by brunoborges·2 माह पहले·0 comments

[untitled]

1 points·by brunoborges·2 माह पहले·0 comments

[untitled]

1 points·by brunoborges·2 माह पहले·0 comments

[untitled]

1 points·by brunoborges·2 माह पहले·0 comments

[untitled]

1 points·by brunoborges·2 माह पहले·0 comments

[untitled]

1 points·by brunoborges·3 माह पहले·0 comments

[untitled]

1 points·by brunoborges·4 माह पहले·0 comments

[untitled]

1 points·by brunoborges·4 माह पहले·0 comments

[untitled]

1 points·by brunoborges·5 माह पहले·0 comments

[untitled]

1 points·by brunoborges·5 माह पहले·0 comments

[untitled]

1 points·by brunoborges·5 माह पहले·0 comments

[untitled]

1 points·by brunoborges·5 माह पहले·0 comments

[untitled]

1 points·by brunoborges·5 माह पहले·0 comments

[untitled]

1 points·by brunoborges·5 माह पहले·0 comments

[untitled]

1 points·by brunoborges·5 माह पहले·0 comments

[untitled]

1 points·by brunoborges·5 माह पहले·0 comments

comments

brunoborges
·10 दिन पहले·discuss
> price is usually purely determined by the net inflows and outflows as decided by humans.

"as decided by humans", more than 90% of trades are led by bots, so no, price is not being determined by humans.

In fact, we have seen time and again how some weird companies get a huge inflow of purchases simply because of bots misinterpreting news articles.
brunoborges
·10 दिन पहले·discuss
It's time to forbid bots and HFT.

Want to buy/sell a stock?

Humans need to manually submit in the system.
brunoborges
·11 दिन पहले·discuss
"Help me help you" stands.
brunoborges
·20 दिन पहले·discuss
This is how tickets for sports and concerts should always be sold.

Entertainment tends to compare with airline tickets, except that with air travel, there are regular flights and competition. There is no such thing as a single flight from Paris to New York on one Saturday at 9pm on a window of a few years.
brunoborges
·26 दिन पहले·discuss
> Founding cannot be a commodity. If it is, you have no moat or point, meaning you instantly collapse again, because you are an interchangeable commodity.

With the recent AMD announcement [1], local models are likely the future indeed. Cloud will be the place for remote sessions, remote agents, continuous agents. But I foresee a place where phones, laptops, PCs, and even perhaps dedicated hardware just for AI, will be the place for most AI-related workloads.
brunoborges
·27 दिन पहले·discuss
If you get caught with illegal guns and illegal chemicals, well... there are consequences. Bad actors will always find a way, at the risk of getting caught.

However, the vast majority of people will rely on commercial AI models.
brunoborges
·27 दिन पहले·discuss
> But I think mostly it will be used to serve ads.

If only...

I do believe that access to commercial AI should be regulated, heavily taxed, and controlled just as much as access to dangerous chemicals and weapons. Only this way the best AI models are more likely to indeed be used for frugal purposes (sadly, however, including ads).
brunoborges
·27 दिन पहले·discuss
I wonder if there are discussions about POSIX standards on this.
brunoborges
·पिछला माह·discuss
Go to a store that sells fly fishing equipment and talk to a customer or a staff. You may as well end up with a new friend.
brunoborges
·2 माह पहले·discuss
Give me the modern interior design with a vintage exterior design.
brunoborges
·2 माह पहले·discuss
Sonatype allows "io.github.<username>" as a valid groupId and has a process to verify ownership. I am sure other providers like GitLab can work on this.
brunoborges
·2 माह पहले·discuss
That is another important layer. Maven Central is not immune to credential theft. If a publisher token is stolen, an attacker may still be able to publish a malicious new version until the token is revoked or the account is suspended after reporting the problem to Sonatype.

But in the Maven/Gradle ecosystem, most projects pin exact dependency versions. Support for version ranges and dynamic versions exist, but they are generally avoided because they hurt reproducible builds. That means a malicious new release does not automatically flow into most consumers’ builds just because it was published.

I'd go as far to say that NPM should:

1. Enforce scope (namespace) requirement, and require external verification (reverse DNS for example).

2. Disable version range support out of the box. User must --enable this setting from the command line at all times.

3. Remove support for install scripts completely. If someone wants to publish a ready-to-run software, there are plenty of other mechanisms.
brunoborges
·2 माह पहले·discuss
It is 100% up to the package manager's steward to control how ownership of packages and namespaces are granted.

Maven Central exists for decades the amount of incidents of people stealing namespaces is minimal.

One can't simply publish a package under the groupId "com.ycombinator" without having some way to verify that they own the domain ycombinator.com. Then, once a package is published, it is 100% immutable, even if it has malicious code in it. Certainly, that library is flagged everywhere as vulnerable.

It baffles me that NPM for so long couldn't replicate the same guardrails as Maven Central.
brunoborges
·2 माह पहले·discuss
> Claude Code is really good at stuff like this.

A lot of "Claude Code is best at X" claims are probably user-selection bias.

The people saying it are often exclusively Claude Code users, not people who are actively benchmarking Claude Code against Gemini CLI, OpenAI Codex, GitHub Copilot, and other agent harnesses on the same tasks.

The claim may still be true for certain scenarios, but the evidence is usually anecdotal, not comparative.
brunoborges
·2 माह पहले·discuss
Indeed, the fact that maintainers didn't have until only recently the control for disabling Pull Requests tab in a GitHub repo, is what drove a lot of issues in FOSS collaboration over the past decade.

FOSS and open source licenses never ever granted entitlement for contributors to have their proposals reviewed/merged by maintainers. Neither it ever offered entitlement for users to ask for free support.

FOSS is about giving people access to source code so they can do with it whatever they want, and maintainers/authors should have always had the ability to "publish and forget" the source code, without having to deal with those "entitlements".
brunoborges
·2 माह पहले·discuss
AI not finding a security issue on cURL has more to do with lack of widespread security issues than the model's capacity of finding them.
brunoborges
·2 माह पहले·discuss
Cool... why?
brunoborges
·2 माह पहले·discuss
I wonder if a model that does not know anything about a hypothetical programming language X, could write code once given said language X specification, APIs, and SDK tools and their documentation.

Meaning: the model has no idea, no access to examples, no previous codebase trained on, nothing, for language X. But it knows English, it knows how to program in general (training data does contain other programming languages), and everything we expect from LLMs today. It just doesn't know jack about language X.
brunoborges
·2 माह पहले·discuss
> Far too often people think productivity is the point. Maybe the point is developer's understanding of the product IS the product?

This is an interesting take.
brunoborges
·2 माह पहले·discuss
100%... that's why I say code review became unbearable!