HackerLangs
TopNewTrendsCommentsPastAskShowJobs

cvwright

2,229 karmajoined 12 anni fa
Recovering academic. Security and privacy research engineer.

comments

cvwright
·7 giorni fa·discuss
[flagged]
cvwright
·9 giorni fa·discuss
You should try writing a design doc with the AI before you have it write the code. It will make random extrapolations from your first prompt, some good and some bad. Then you get a chance to argue back and forth with yourself with the robot as a helper.
cvwright
·mese scorso·discuss
The best early example of this is that Anthropic is already eating the lunch of all the new “AI security audit” companies. And they were only a few years old.

Those guys certainly thought they were being novel and creative, using AI to disrupt an expensive and labor intensive business model. But now with Claude Security, their own market share is going to be gobbled up before they can even get established.
cvwright
·2 mesi fa·discuss
Unfortunately even in the old days, a truly good programming book like you’re describing was depressingly rare.

Younger me really enjoyed some of the game programming books by Andre Lamothe.

Most “Learn Language X” books were terrible with over focus on syntax and very little thought into organization.
cvwright
·2 mesi fa·discuss
LLMs are bringing us back to all the “proper” software engineering stuff that we’ve always known we should be doing, but until now we never had enough time/people/money to do it right.

Brainstorming and research before writing a design.

Writing a design or spec before writing the code.

Comprehensive unit tests.

Etc etc etc.

Like you, I get vastly better output from the tool when I create a detailed spec in markdown before I let it start coding. And bonus, the LLM is pretty good at helping with the spec too.
cvwright
·2 mesi fa·discuss
You’re arguing that we have too many PhD students in CS, not too few.

I agree with you fwiw.
cvwright
·2 mesi fa·discuss
re: incentives, my proposal was always to let schools pay their football and basketball players, but require that grad research assistants are paid the same.
cvwright
·2 mesi fa·discuss
I worked a ton in grad school, and it definitely sucked at the time.

But it’s crazy to complain about getting paid to go to school. A grad stipend is there to minimally support you so you don’t have to get another job and can focus on your research. It’s not supposed to be a career!
cvwright
·2 mesi fa·discuss
Even that press release never claimed that Mythos was better than Opus at finding bugs.

They claim the huge advance is in exploiting the bugs.
cvwright
·2 mesi fa·discuss
The word “exploit” may be doing a lot of work here. In my experience Opus 4.6 is perfectly happy to provide test cases that trigger ASAN, even without the super secret squirrel security access.

But if you ask it to get you a shell it’ll probably tell you to get lost.
cvwright
·2 mesi fa·discuss
It’s been said that the British executed about 1% of their population each year for a few hundred years, and that a similar number died in prison.

The claim is that this made Britain a much safer country in later centuries.
cvwright
·2 mesi fa·discuss
New section, like pre-crime but for history. Pre-history.
cvwright
·2 mesi fa·discuss
And you don’t have to worry that some random passenger will piss, puke, or shit in the Waymo during your commute.

The first two happened to me within the span of a month during the three years that I rode Trimet in Portland.
cvwright
·3 mesi fa·discuss
Unless the data is a lagging indicator
cvwright
·3 mesi fa·discuss
Are Mississippi and Louisiana at the top of the pay scale?

Then why are their reading scores improving so dramatically compared to wealthier states? Especially for under-privileged populations?
cvwright
·3 mesi fa·discuss
Because the Brits will never be accepted by the locals as a Thai or Vietnamese or whatever, and they know it.

Whereas in western countries we have “new Germans” or “new British” from all over the world.
cvwright
·3 mesi fa·discuss
It’s easy to find sketchy lines of code in any large C project.

The big advance that they are claiming with Mythos is the ability to triage all the hundreds of candidate vulns and automatically generate exploits to prove that the real ones are real. And if they’re really finding 27-yr-old 0-days in OpenBSD, then it’s not just hype.
cvwright
·3 mesi fa·discuss
Right. It’s things like Baltimore (when I lived there) requiring that high speed internet had to roll out in poor areas first, before it could go into the rich neighborhoods.

But this was the early 2000s and the internet was still “new”. Only the richer areas cared and were willing to pay the price. Letting them have first (or even equal!) access would have made it easier to fund the rollout in low income areas.
cvwright
·3 mesi fa·discuss
I thought that was kind of how the hard sciences work already?

My grad school friend who was a physicist would write his talk just before his conferences, and then submit the paper later. My experience in CS was totally backwards from that.
cvwright
·3 mesi fa·discuss
Find-then-patch only works if you can fix the bugs quicker than you’re creating new ones.

Some orgs will be able to do this, some won’t.