HackerLangs
トップ新着トレンドコメント過去質問紹介求人

nijave

2,246 カルマ登録 8 年前
[ my public key: https://keybase.io/nickv; my proof: https://keybase.io/nickv/sigs/qMdHcggaKRYKr002ExXFme5MjZeOQbHt-PyAl_07HDk ]

コメント

nijave
·10 時間前·議論
I write all my code in assembly on paper then manually translate into opcodes
nijave
·10 時間前·議論
>already outsourced their thinking

With the reliability of current LLMs, if you're outsourcing that much of your thinking, you're producing mainly slop and were never a good engineer to begin with.

If you have a quality threshold beyond "it appears to work" then agents still require a lot of hand holding and guidance
nijave
·10 時間前·議論
Eh, agents commits are always too verbose. I don't need a 3 paragraph mini novel. Design can go in a design docs folder, project info goes in the issue tracker.

The commit should be a short summary <1 paragraph for quick context
nijave
·17 時間前·議論
It could be variations in system prompt but I'm not sure how "change the user prompt to encourage tool usage" proves that either way
nijave
·昨日·議論
Yeah, that's fair. I think they're optimized for non technical users without a decent escape hatch.
nijave
·昨日·議論
It's both. Some models, given web search and web fetch may only run a search and assume the summary text is correct and blindly return it. Others will validate by running a web fetch and checking the whole page contents. Even better, the model will run multiple searches and fetches to cross check the information. The best models will attempt to verify whether a source is authoritative or not and try to only return authoritative results.

I have an example here: https://gist.github.com/nijave/2873b8b10d8c732e46264237b0755...

Tldr; all the Claude models had identical tools and some used them efficiently and verified data while others did a crap job and hallucinated responses. Additionally, Exa MCP tools generally worked better even on older/smaller model (Llama)
nijave
·昨日·議論
True but you can have cert-manager issue public certs then create service accounts for off cluster things to be able to pull the cert from the Secret so k8s+cert-manager acts as a local broker that handles renewal.

You can also invert and have k8s cronjobs provision the generated certs into other infra

With this setup, you don't have to worry about the RHEL certbot snap updating to a broken version which gets blocked by SELinux...
nijave
·昨日·議論
We have a few subdomains for white labeling 3rd party SaaS where we do what is basically the AWS ACM equivalent and add a persistent record from a vendor.

With this setup, I don't have to grant 3rd parties DNS access.

I actually made a webhook that allows per hostname API keys to wrap dnsimple because they only had per zone keys and I didn't want each VM to have access to the entire zone. These challenges would have solved that by allowing the DNS record automation to pull record values from the VM instead of having the VMs push values.

I think someone told me dnsimple might have more granular keys now but I haven't checked. Iirc we have the same concern with external-dns at work (some things need subdomains on the TLD but we don't want to give external-dns access to the whole zone so we usually cname the TLD subdomain to a per environment zone external-dns is allowed to update). With this, we could have the same pull based setup that applies arbitrary rules to decide if a requested record should be created.

I think the main takeaway is allowing pull instead of push model

Could be achieved with cnames but it's an extra layer of indirection to deal with and doesn't fully solve the "semi trusted 3rd party" case
nijave
·昨日·議論
On k8s, there's cert-manager but also you need k8s...

Most browsers support trust on first use for leaf certs
nijave
·昨日·議論
My IaC is on public GitHub. They could do a network scan to find software then fingerprint to find version anyway.

Removing attack surface is better than trying to hide it.
nijave
·一昨日·議論
Arguably it's 1/2. You can put public certs on proxy then give proxy private CA to backend services. Then you don't need public certs for all the private stuff nor need to trust the private CA on all your devices.
nijave
·一昨日·議論
[dead]
nijave
·一昨日·議論
I didn't realize the prevalence until I worked at a company trying to get enterprise market share desperate to "add logos" (the customers were always referred to as "logos" if that tells you anything)
nijave
·一昨日·議論
Arguably I'd call that the 90%. In my case, answering the restaurant question correctly with "Rishi" in my tests was the sole intent and 90% of the problem. All the models "helpfully" added extra junk about the closure, dates, quotes, etc and many of them got these details wrong--the 10% or extra crap not central to the question.

If the central question was "what is the bus schedule on `day`" and the model screws that up, it gets a fail in my book.

Also curious if Google Maps gets the timetables correct (assuming it has them).

Semi-related, I also discovered that the default web search/fetch tools are pretty primitive and Exa MCP annihilates them. I ended up doing some comparisons with Claude Code comparing built-in server-side to Exa and to a Python MCP that used SearXNG for search and Exa was a clear winner and Python+SearXNG ended up coming out roughly the same after a few cycles of letting Claude optimize the Python code and adjust SearXNG settings. Ultimately it landed on this (making some changes to optimize returning relevant context directly in the search results so the model didn't need an additional web fetch call) https://gist.github.com/nijave/604c43e3e0fdcd60f5280d3a6b109...
nijave
·一昨日·議論
My gut feel is Anthropic is very technical and pedantic which makes their models really technical and pedantic. They're top at code and technical benchmarks but anecdotally I've found OpenAI to be significantly farther ahead for general usage.

Opus 4.8 will burn 10k tokens trying to answer something 100% whereas GPT-5.5 will burn 2k getting it 90% which is good enough for many things.

Some personal testing on a "help me find that restaurant" prompt https://gist.github.com/nijave/2873b8b10d8c732e46264237b0755...
nijave
·3 日前·議論
Yeah, just another example of "connections pools are hard in general"
nijave
·3 日前·議論
Can also use different database names since pgbouncer lets you remap that
nijave
·3 日前·議論
You can rename the tabs in tmux but not sure if there's a way to do dynamic status (I suspect there is but it's probably non trivial to get it to play nice with the harness)
nijave
·3 日前·議論
Everyone does that. Some random startup "We're used by Google!". More often than not some random engineer signed up for a trial or some tiny department somewhere is using it for some internal thing
nijave
·3 日前·議論
tmux has a mouse switch--does this do more than that?