HackerTrans
TopNewTrendsCommentsPastAskShowJobs

d_watt

no profile record

comments

d_watt
·5 bulan yang lalu·discuss
It took 20 years for computers to "add" to the economy.

https://en.wikipedia.org/wiki/Productivity_paradox
d_watt
·5 bulan yang lalu·discuss
I think one of the interesting things here is that AI doesn't need to be able build B2B SaaS to kill it. So much of the overhead of B2B SaaS companies is thinking about multitenancy, intergrating with many auth providers and mapping those concepts to the program's user system, juggling 100 features when any given customer only needs 10 of them, creating PLG upsell flows to optimize conversions, instrumenting A/B tests etc...

A given company or enterprise does not have to vibe code all this, they just need to make the 10 features with the SLA they actually care about, directly driven off the systems they care about integrating with. And that new, tight, piece of software ends up being much more fit for purpose with full control of new features given to company deploying it. While this was always the case (buy vs build), AI changes the CapEx/OpEX for the build case.
d_watt
·6 bulan yang lalu·discuss
Regarding the meta experiment of using LLMs to transpile to a different language, how did you feel about the outcome / process, and would you do the same process again in the future?

I've had some moments recently for my own projects as I worked through some bottle necks where I took a whole section of a project and said "rewrite in rust" to Claude and had massive speedups with a 0 shot rewrite, most recently some video recovery programs, but I then had an output product I wouldn't feel comfortable vouching for outside of my homelab setup.
d_watt
·6 bulan yang lalu·discuss
Once we had a slowdown in our application that went unadressed for a couple of months. Using git bisect to binary search across a bunch of different commits and run a perf test, every commit being a "good" historical commit allowed that to be much easier, and I found the offending commit fast.
d_watt
·7 bulan yang lalu·discuss
I’ve been using some time off to explore the space and related projects StereoCrafter and GeometryCrafter are fascinating. Applying this to video adds a temporal consistency angle that makes it way harder and compute intensive, but I’ve “spatialized” some old home videos from the Korean War and it works surprisingly well.

https://github.com/TencentARC/StereoCrafter https://github.com/TencentARC/GeometryCrafter
d_watt
·7 bulan yang lalu·discuss
Looks like after the AI automation rush last year, the leaderboard has been removed. Makes sense, a little sad that it was needed though.
d_watt
·tahun lalu·discuss
That's the point of the experiment I'm doing, what it takes to get these things to be able to generate all the code, and I'm just directing.

I literally have not written a line of code. The AI agent configures the build systems. It executes the `go install` command. It configures the infrastructure via terraform.

It takes a lot of reading of the code that's generated to see what I agree with or not, and redirecting refactorings. Understanding how to describe problem statements that are translated into design docs that are translated into task lists. It's still a lot of knowledge work on how to build software. But now I can do the coding that might have taken a day from those plans in 20 minutes.

Regarding startups, there's nothing here I'm doing that isn't just learning the tools of agentic coding. The business here might be advising people on how to do it themselves.
d_watt
·tahun lalu·discuss
I wonder how much it's self fulfilling, where the developers of the agents are tuning their prompts / tool calls to sonnet.
d_watt
·tahun lalu·discuss
I'm about 50kloc into a project making a react native app / golang backend for recipes with grocery lists, collaborative editing, household sharing, so a complex data model and runtime. Purely from the experiment of "what's it like to build with AI, no lines of code directly written, just directing the AI."

As I go through features, I'm comparing a matrix of Cursor, Cline, and Roo, with the various models.

While I'm still working on the final product, there's no doubt to me that Sonnet is the only model that works with these tools well enough to be Agentic (rather than single file work).

I'm really excited to now compare this 3.7 release and how good it is at avoiding some of the traps 3.5 can fall into.
d_watt
·4 tahun yang lalu·discuss
I feel like you could say the same thing about Twilio, or AWS, or Stripe.

I think there's proven to constantly be a huge market for companies that do the dirty work that everyone knows they could do, but don't have the time or expertise to do.

If they can stay ahead of the curve on having best in class api-ification of the underlying tech, even if they develop competitors with similar quality, they have the momentum of being the brand name now.
d_watt
·4 tahun yang lalu·discuss
A little delayed, but there are plenty of companies doing compliance consulting. Eden Data is a small shop I worked with briefly. If you wanted to talk more, my emails in my bio.
d_watt
·4 tahun yang lalu·discuss
Thanks for the detailed response. I definitely don't take it angrily. One additional point of context is I managed a Series B SAAS companies first SOC 2 (and its renewal) in the recent past, so I definitely understand what you're saying, and I think it lines up with the point I was trying to make.

My main point is you can either treat the SOC 2 as an adversary to overcome, or actually try and leverage it to be better. No matter what it's going to suck and be annoying, though Vanta/Drata can help. But one can leverage it to be a better company.

A less controversial example than background checks is infra cost monitoring. Where a lot of SOC 2 is focused on business continuity, in addition to security, one of the things required is that you're actually paying attention to your costs. A lot of cash flushed VC backed startups don't. So, once SOC 2 hits, the company that's treating it adversarially will just rubber stamp some quarterly meeting where they "look" at infra costs. Or, you can actually take that moment to level up the company to have macro review of the cost of goods sold, an ensure the business is on a healthy path.

Again, not a comment on your article, one of the big takeaways for me in running a security program for years was a general anxiety around being transparent on the program externally, because there's a certain type of "security" person who gets off on picking apart policies, without understanding tradeoffs that we were careful to make sure kept the company safe, while letting it function smoothly.

Coming out with an article like this is a great thing to do, where a lot of content out there is just "we got our SOC 2, and now we're prefect."

I won't comment on the background check thing again, not the least because I don't want to argue more for something I don't like, just think may be a needed evil.
d_watt
·4 tahun yang lalu·discuss
Slightly different, but in a past life working in a field the company had extreme access to people's homes, we definitely weeded out some people who should not be given access to a strangers home using background checks.

Again, they're not ideal, and there's a large social concern of a permanent record like that, but you have a duty of care if your customers are trusting you.
d_watt
·4 tahun yang lalu·discuss
If you're in B2B, plenty of larger companies will disqualify for not having SOC2/ISO27001.

Also, it can help get you out of repeat security assessment questionnaires, so it can actually give you time back, depending on how many of those you have to field.
d_watt
·4 tahun yang lalu·discuss
Those systems tend to stamp your account information into the PDF, as well.
d_watt
·4 tahun yang lalu·discuss
Part of taking on SOC 2 is also choosing whether you want your attitude to be "Let's do the minimum to get past the audit" and "Let's take this framework, and figure out where we can learn from it."

The post mentions background checks. On the one hand, I understand there's a real issue with these. On the other, if my PAAS isn't ensuring repeat offender fraudsters don't have access to sensitive data, that's possibly an area of concern. Hopefully the things they took from the other mentioned company do increase due diligence in vetting employees who have access to sensitive/regulated information.

Use it as a framework to actually think about BCP, DRP, etc, etc, and it won't be a total waste of time.

Edit: Also adding I bring up background checks as an example of learning from vetted practices, rather than trying to attack the decisions of fly. I respect this article, especially where it's easy for people on the internet to criticize decisions, when the reality is security is a series of tradeoffs, and to function as a business means having imperfect processes.
d_watt
·4 tahun yang lalu·discuss
I've never met a company that gave SOC 2 out without an NDA. In fact, I'd consider it a negative indicator of maturity to not require it.