HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tdullien

no profile record

Submissions

Halvar's Guide to Entrepreneurship

thomasdullien.github.io
2 points·by tdullien·18 giorni fa·0 comments

Safer vibecoding via old hacker habits

addxorrol.blogspot.com
1 points·by tdullien·4 mesi fa·3 comments

Ask your LLM for receipts: What I learned teaching Claude C++ crash triage

addxorrol.blogspot.com
3 points·by tdullien·7 mesi fa·0 comments

Tongyi Deep Research – relatively lightweight hi-perf open-source model

tongyi-agent.github.io
1 points·by tdullien·8 mesi fa·0 comments

comments

tdullien
·12 giorni fa·discuss
I should add something about this, but if a market looks like a drunken bar fight, I'd probably not want to go there.

That said: A good market will become crowded quickly in either way.
tdullien
·12 giorni fa·discuss
Good point, will add that. Thanks!
tdullien
·12 giorni fa·discuss
Yeah.

Also - I use the term "coach" broadly here. Many people react very poorly to the term "therapist", and "coach" is a much broader term encompassing both therapy or just people that have significant experience in a field. Or just an older relative or acquaintance that is willing to provide regular advice/feedback.

There's definitely charlatanism, particularly when people advertise themselves as "business coach" or "startup coach".
tdullien
·12 giorni fa·discuss
I don't think you need 8 years to build a product people like, Prodfiler got good resonance and we built it in ~18 months, it would probably take 4 months now...
tdullien
·12 giorni fa·discuss
Yes. Usually, the VCs will want you to not take an extravagant salary, but a solid family with which you can keep your family comfortable. And that's normally the right bar.

And if there are liquidity pressures a few years into the process, and you have traction at Series B or C - don't hesitate to think about a small secondary.
tdullien
·12 giorni fa·discuss
You don't have a product until there's ~3 customers, with perspective to more. Before that you're essentially a consultant. I'll add that to the next version of the doc, too.

The point is: For anything you build, you can find 1 customer. It's only when there's multiple customers that like the product and want to improve it where you move from "consulting" or "custom development" to "product".
tdullien
·12 giorni fa·discuss
I will add a section. Pay yourself a salary at the very latest the moment you've raised funding. If a VC objects to you doing that, get a different VC. You're in for the long run, and support from your family etc. is important, and you're already taking on a huge risk by pooling all your risk in one company, vs. the VC who is happily diversified.

Investors who imply you shouldn't take a salary are no bueno.
tdullien
·12 giorni fa·discuss
Definitely - but those are normally called "development partners" in B2B, right?
tdullien
·12 giorni fa·discuss
Good question. I think I did it to indicate that we sold to public companies.
tdullien
·12 giorni fa·discuss
Author here. I'd be curious what went wrong in your case? (Also, happy to soften that advice further if there's strong evidence that people find the advice detrimental).
tdullien
·2 mesi fa·discuss
The readme says that unless you're using vLLM you're largely out of luck with it?
tdullien
·4 mesi fa·discuss
That's a clever and intriguing idea. I have to think through the security implications a bit though - I don't actually know much about how git operates with regards to hooks etc.

I'd imagine you lose the ability to have the coding agent do the commits for you? E.g. if you just mount the code directory, then an agent running on the remote side can't commit anything, right?

So you'd have to mount the .git directory from the remote side to then push?
tdullien
·6 mesi fa·discuss
The old warez cracking scene had an outsize impact on computer security. GRSecurity, Heartbleed vulnerability, most reverse engineering tools for security, etc. etc. etc.

There's so much history here, touching on all sorts of insanity including selling 0-day to the US government that was then used to apprehend high-level Al-Qaida personnel, random warez busts leading to people taking oversea jobs, etc. etc. etc.

If anyone still has old .NFO archives from 1990-2000, I'd be very interested in getting as many as possible.
tdullien
·6 mesi fa·discuss
The privatization of the train system in Germany was a particularly insane disaster that is only now, 30 years later, being undone/repaired.

If you look at an org chart of the DB these days, the most fascinating part is that DB consists of almost 600 separate corporate entities that are all supposed to invoice each other.

Speaking with insiders, it appears that when the privatization happened, the new corporate structure took what was essentially every mid-size branch of the org chart and created a separate corporate entity, with cross-invoicing for what would normally normal intra-company cooperation. I think the (misguided) goal was to obtain some form of accountability inside a large organisation that had been state-funded and not good at internal accounting.

This fragmentation lead to insane inflexibility, as each of the 600 entities has a separate PnL and is loathe to do anything that doesn’t look good on their books.

Add to this a history of incompetent leadership (Mehdorn, who also ran AirBerlin into the ground, and who was also responsible for the disastrous BER airport build-out), repeated rounds of cost-cutting that prioritized “efficiency” over “resiliency of the network” etc. etc.

DB is currently undergoing a massive corporate restructuring to simplify the 600+ entity structure, but there has been a massive loss of expertise, underinvestment in infrastructure, poor IT (if you see a job ad for a Windows NT4 admin, it’s likely DB), etc. etc. — it’ll take a decade or more to dig the org out of the hole it is in.
tdullien
·7 mesi fa·discuss
There's been an ongoing issue with North Korean state agents infiltrating SV companies, and this proposal helps them pass the interview process more easily.

There's multipronged benefit for them: Access to company infrastructure to potentially cause harm or ransom in the future, access to technology / intelligence, but also simply foreign currency.
tdullien
·8 mesi fa·discuss
Xoogler here (2011-2018). It's heartwarming that a core part of Google culture ("for every problem we have 3 solutions: 2 that are deprecated and 1 that is experimental") is alive and well.
tdullien
·8 mesi fa·discuss
I only remember 2015 TF and I was wondering: why would I use Python to assemble a computational graph when what I really want is to write code and then differentiate through it?
tdullien
·9 mesi fa·discuss
So there's a long intellectual history behind these technologies, and Intel had multiple chances of taking the leadership on this around 2018 - they failed to do so, some of the talent went to Apple, and now Intel has to play catch-up.

I'm pretty certain it'll be the x86 variant of either MTE or MIE.
tdullien
·9 mesi fa·discuss
I don't know tbh, and I gave that talk when I was in terrible shape, so I'm not upset ;).

If people care a lot, I can record a YouTube video on the topic.
tdullien
·9 mesi fa·discuss
With all the negative comments here: This is existing technology on ARM64 (MTE) and on modern iPhones (https://security.apple.com/blog/memory-integrity-enforcement...).

For a good intuition why this (coupled with instrumenting all allocators accordingly) is a game-changer for exploitation, check https://docs.google.com/presentation/d/1V_4ZO9fFOO1PZQTNODu2...

In general, having this come to x86 is long-overdue and very welcome.