HackerLangs
TopNewTrendsCommentsPastAskShowJobs

benregenspan

no profile record

comments

benregenspan
·8 giorni fa·discuss
There is a whole area of research on this. Prosecutors have significant discretion around charging and (suggested) sentence, and this allows bias to creep in. I've heard people debate the quality of specific research on the size of the bias, but not the mere idea that bias is possible at all.
benregenspan
·19 giorni fa·discuss
I'd love for Google to figure out something comparable for the Drive API (currently it's not possible to grant read/write access to a single folder; you need to grant access to the entire drive!): https://issuetracker.google.com/issues/36760598?pli=1

I think the fact that the above issue has been open for a very long time is one indication of how difficult and sensitive this type of access control API is. The Google Drive API could be a proving ground for getting the UX right for this (including tricky details like how to manage persistent access to a folder with clear disclosure and user controls).
benregenspan
·mese scorso·discuss
Well FWIW, all of my attempts to short have generated losses.
benregenspan
·2 mesi fa·discuss
Is the "Jia Tan" XZ Utils compromise not a good example? That relied on code snuck into a release that was not in source.

(It was caught before being promoted into a stable Debian release, yes, but this sort of relied on a happy accident, too close for comfort)
benregenspan
·2 mesi fa·discuss
The first octet of the IP it resolves to is "192", maybe someone implemented the check for private/internal range wrong and is only looking for that.
benregenspan
·3 mesi fa·discuss
What I'm wondering is if this requires sending the full list of extensions straight to a server (as opposed to a more privacy-protecting approach like generating some type of hash clientside)?

Based on their privacy policy, it looks like Sift (major anti-fraud vendor) collects only "number of plugins" and "plugins hash". No one can accuse them of collecting the plugins for some dual-use purpose beyond fingerprinting, but LinkedIn has opened themselves up to this based on the specific implementation details described.
benregenspan
·4 mesi fa·discuss
I think the point is that some of the extra words OP is complaining about aren't needless. It's on the writer to know their audience, but it's also asking a lot to tune a message in a PR review to the one particular person who demands bluntness, especially if they don't know that person well. If the majority of people in the organization respond positively to a certain style (which may involve some amount of phatic speech), then the person who is "over-writing" here is probably making a good decision.

Once I build rapport with someone, I tend to be more blunt, but still balance that with the fact that other people may be reading the interaction, and I don't want to model a rude communication style.

An organization can choose to promote a very direct approach to feedback (Bridgewater is famous for this), but it requires top-down work to get everyone on the same page, not just expecting one developer to mind-read another.
benregenspan
·5 mesi fa·discuss
It seems like the goal of the default configuration is preventing script injection while being otherwise very permissive. Basically, "safer than innerHTML, even when used very lazily". But I would expect guidance to evolve saying that it almost never makes sense to use the default and instead to specify a configuration that makes contextual sense for a given field.

The default might be suitable for something like an internal blog where you want to allow people to sometimes go crazy with `<style>` tags etc, just not inject scripts, but I would expect it to almost always make sense to define a specific allowed tag and attribute list, as is usually done with the userland predecessors to this API.
benregenspan
·5 mesi fa·discuss
This is what I'd say about someone who sold their extension today, but I don't think this business model was nearly as well-known 15 years ago.
benregenspan
·5 mesi fa·discuss
> being the type of slurry that pre-AI was easily avoided by staying off of LinkedIn

This is why I'm rarely fully confident when judging whether or not something was written by AI. The "It's not this. It's that" pattern is not an emergent property of LLM writing, it's straight from the training data.
benregenspan
·6 mesi fa·discuss
It's mystifying. A relative showed me a heavily AI-generated video claiming a Tesla wheelchair was coming (self-driving of course, with a sub-$800 price tag). I tried to Google it to quickly debunk and got an AI Overview confidently stating it was a real thing. The source it linked to: that same YouTube video!
benregenspan
·6 mesi fa·discuss
I think they meant it has much larger % share of pickup market in Europe vs US, not necessarily higher absolute number of sales (https://media.ford.com/content/fordmedia/feu/en/news/2025/02...)
benregenspan
·6 mesi fa·discuss
For anyone who takes doing their taxes seriously, this is a nightmare. Every pint ordered involves a capital gain (or loss) for the buyer. At a certain point you're doing enough accounting that you might as well be running the bar yourself (or just paying in cash)!
benregenspan
·6 mesi fa·discuss
> Pop-ups are back, and they’re worse than ever

The article opens with a screenshot of genuine pop-ups, and they are clearly so much worse than the (still annoying) modals presented later in the article. In the past, sites spawned a mess of popups that extended out of the browser window and persisted even when the page was navigated away from. Now if you don't like what the page is doing, you can at least just navigate away.
benregenspan
·6 mesi fa·discuss
Because the natural order of things is wild shih tzus hunting down cows?
benregenspan
·6 mesi fa·discuss
It seems like their pet food business (where they were competing with input-intensive meat products) could genuinely have been sustainable, if they hadn't taken so much time to figure out that competing on livestock feed is hopeless.
benregenspan
·7 mesi fa·discuss
They might be the "wrong" oil companies. (In the case of Empire Wind, the administration is probably at best indifferent about screwing over the Norwegian state oil company.)
benregenspan
·7 mesi fa·discuss
Having seen similar patterns play out at other companies, I'm curious about the organizational dynamics involved. Was there a larger dev team at the time you adopted microservices? Was there thinking involved like "we have 10 teams, each of which will have strong, ongoing ownership of ~14 services"?

Because from my perspective that's where microservices can especially break down: attrition or layoffs resulting in service ownership needing to be consolidated between fewer teams, which now spend an unforeseen amount of their time on per-service maintenance overhead. (For example, updating your runtime across all services becomes a massive chore, one that is doable when each team owns a certain number of services, but a morale-killer as soon as some threshold is crossed.)
benregenspan
·8 mesi fa·discuss
How would this apply to, say, public libraries?
benregenspan
·8 mesi fa·discuss
This is a good example, because a "freeway" is free at point of use, but obviously understood to not be free of construction and maintenance cost. It is called "freeway" because "free-to-drive-on highway" would be too wordy.