HackerTrans
TopNewTrendsCommentsPastAskShowJobs

a-dub

no profile record

comments

a-dub
·12 giorni fa·discuss
it will be interesting to see if any new formats emerge. if ai kills the take home, what can replace it for similar "let's see how far you can go if you have resources available" style examinations?

maybe we'll see specialty chatbots that give the equivalent of oral examinations and/or are willing to provide reference material but not make suggestions, connections, solutions or generate prose on behalf of the user?
a-dub
·14 giorni fa·discuss
cool to see rustdesk. low level memory bugs were long mysterious and i think often received most of the attention for this reason, but always fun to see reminders that "nope, good ol' fashioned logic bugs in high level languages have security implications too." if anything, i think they sometimes are more clever as they require deeper understanding of what the code actually does, intends to do and what was overlooked rather than the common set of bookkeeping errors that are often the root of the memory bugs.
a-dub
·19 giorni fa·discuss
i wonder if it's about protecting it from extraction/distillation or if it's about not having to answer for surface that hasn't been properly vetted for public consumption. (ie, is someone going to sue them or complain or write blog posts because the thinking has transient things that people don't like where the final result is what is actually vetted?)
a-dub
·20 giorni fa·discuss
i agree with the author. i argue a preference for loose coupling over centralized abstractions. sure it's pleasing to compress the code, but if the use cases actually are sufficiently divergent (as well as bugs and externally driven changes) ultimately it becomes brittle, littered with edge cases behind if fences and both challenging and daunting to change.

ideal case: support libraries and then very simple duplicated code that is easy to read and modify. critically the core control flow should remain duplicated, but simplified by the support libraries.
a-dub
·23 giorni fa·discuss
my first reaction: this pivot makes no sense at all to me.

my second reaction: maybe it does? did they hire up an army of physicists to make better diffusion models or something and they actually have people on staff who can do this?
a-dub
·24 giorni fa·discuss
that's how i understand it. it's a portfolio with front matter, back matter, the papers that got published with some connective tissue between them and maybe some discussion of the things that didn't work out and why.
a-dub
·24 giorni fa·discuss
symbolic music features are interesting! they should add chroma!
a-dub
·24 giorni fa·discuss
yeah, i think you're right. i originally read a bit of snarky blow-off, like "eh?" ... but you know, now that i think of it, it's actually does have more of a friendly canadian style vibe.
a-dub
·24 giorni fa·discuss
the '90s version of finding the hiring manager or boss on linkedin to try and get a job was connecting to the company's public smtp server with telnet, using their name to probe different email address patterns with "rcpt to:" (those days the actual servers were often directly connected to the internet and would leak email address validity in how they would respond to rcpt to) and then sending them a nice email.

smtp grew up to be an antisocial curmudgeon. extended smtp starts with EHLO.
a-dub
·25 giorni fa·discuss
because in those days there was no curl, or wget. and then when there was, there was no guarantee they'd be installed.

telnet was always there though. it also worked for speaking all the other plaintext internet protocols. (imap, pop, smtp, etc)
a-dub
·25 giorni fa·discuss
it's not that insane. i've been manually typing http requests in since before http/1.1 and the mandatory host header.

it is insane to use it for anything serious (also the opposite, implementing webservers in bash), but for quick testing it's pretty great!
a-dub
·26 giorni fa·discuss
blindly trusting upstream is not really a reasonable posture. that is pretty much the source of all software supply chain attacks.

there is work involved in figuring out how to get the complete diff of the code and dependencies that are included in the change, plus review time. this could range anywhere from 5-10m to 1h per package updated- if not more.
a-dub
·26 giorni fa·discuss
pretty much all of them. the diffs only really show that it's coming from the same source, the changed hash and maybe some urls for some patches. actually looking at what is in that changed hash is a much more complicated story. this gives end users a false sense of security ("i read the diffs" -- not really), and attackers a clean vector (all it takes is one bad commit that might not even be on a real branch, or linked patch or late download dependency in the package itself).
a-dub
·28 giorni fa·discuss
i read all the pkgbuild diffs, still doesn't give me a good sense. sure, i can verify that it's coming from the official repo but even then there's no guarantee that there isn't junk in there or that the git ref is actually pointing at the right thing.

it would be better if there were stronger community moderation and review that has stamps i can trust rather than this idea that eyeballing build scripts is a reasonable security posture.
a-dub
·29 giorni fa·discuss
two scenarios i could think of where there's additional risk for bio/nuclear weapons 1) basement lab leaks and 2) improving quality of execution for shops that are already resourced enough to hire experts but maybe they're not that great.

i think the correct answer is probably to funnel more money to global (bio)security initiatives and maybe use ai leverage as a way to get more of the world on board. (some kind of access to nvidia or cloud ai or whatever in exchange for policy commitments deal- while that leverage lasts).
a-dub
·29 giorni fa·discuss


  i built a turbofan
  https://app.confbuild.com/p/z459
  
  now I want to build a complete Airbus as detailed as possible with give budget
a-dub
·mese scorso·discuss
the claimed inference cost is 2x. if that is true, it is massive and remarkable that they're able to do anything like this at all.
a-dub
·mese scorso·discuss
i thought this was all fixed with special modes of clone that are optimized and don't actually copy anything (ie, it creates a new deficient process that can pretty much only exec)?
a-dub
·mese scorso·discuss
yeah this is the actual key. an actually useful title and a stable link to the discussion around the change.

conventional commits are pleasing, but questionable actual utility. the code speaks for itself. the actually useful information is a well chosen title and the context for the change.
a-dub
·mese scorso·discuss
here's an idea for an "experienced" technical interview structure. "we care about x, y and z. you have forty five minutes to convince us that you will meaningful help us achieve our goals. we then will take 30 minutes to push on technical details as we see fit. you will be judged based on technical content, choices, taste and your overall approach and strategy for moving us forward and convincing us that you're the right person to do it. good luck!"