HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rpodraza

no profile record

comments

rpodraza
·4 bulan yang lalu·discuss
At this point I'd highly recommend everyone to think twice before introducing any dependencies especially from untrusted sources. If you have to interact with many APIs maybe use a proxy instead, or roll your own.
rpodraza
·4 bulan yang lalu·discuss
Press x to doubt
rpodraza
·4 bulan yang lalu·discuss
Looks like AI agents together with np and postinstall scripts are a match made in heaven!
rpodraza
·5 bulan yang lalu·discuss
This is great in theory, but answer me sincerely: are you spending less time at work because of AI? Because I reckon for most programmers here it is not the case at all.
rpodraza
·5 bulan yang lalu·discuss
I think you are completely oblivious to the problems plaguing the NPM ecosystem. When you start a typical frontend project using modern technology, you will introduce hundreds, if not thousands of small packages. These packages get new security holes daily, are often maintained by single people, are subject to being removed, to the supply chain attacks, download random crap from github, etc. Each of them should ideally be approved and monitored for changes, uploaded to the company repo to avoid build problem when it gets taken down, etc.

Compare this to Java ecosystem where a typical project will get an order of magnitude fewer packages, from vendors you can mostly trust.
rpodraza
·5 bulan yang lalu·discuss
What problem is this guy trying to solve? Sorry, but in the end, someone's gonna have to be responsible and it's not gonna be a computer program. Someone approved the program's use, it's no different to any other software. If you know agent can make mistakes then you need to verify everything manually, simple as.
rpodraza
·6 bulan yang lalu·discuss
Maybe I'm paranoid, but allowing any coding agent or tool to execute commands within terminal that is not sandboxed somehow will be prone to attacks like that
rpodraza
·6 bulan yang lalu·discuss
Huh? I go to a nearby cafe solo, all the time, and a lot of other people do, for instance, to read. That's how I met couple of them, actually.
rpodraza
·7 bulan yang lalu·discuss
I'd rather start a completely new, better language for the browser.
rpodraza
·9 bulan yang lalu·discuss
Good luck writing Java with notepad.
rpodraza
·9 bulan yang lalu·discuss
The author of this post reponds like AI
rpodraza
·9 bulan yang lalu·discuss
I would honestly do so, but if I want to run games and music production stuff (like Cubase) I'm pretty much forced to be on Windows.
rpodraza
·10 bulan yang lalu·discuss
I spill my drink!
rpodraza
·10 bulan yang lalu·discuss
If you're a junior and using AI to generate code, someone has to review it anyway, plus you're not learning on the job. So what's the point if the senior person can generate the code herself?
rpodraza
·10 bulan yang lalu·discuss
Someone should eradicate the npm ecosystem and start from scratch. No sane package manager would allow to run arbitrary scripts or download stuff from God knows where, like random github repos.
rpodraza
·10 bulan yang lalu·discuss
It looks like they actually got infected as well. So it's not only that, their security practices seem crap
rpodraza
·11 bulan yang lalu·discuss
If they are so concerned with "model welfare" they should cease any further development. After all, their LLM might declare it's conscious one day, and then who's to decide if it's true or not, and whether it's fine to kill it by turning it off?