HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rpodraza

no profile record

comments

rpodraza
·4 maanden geleden·discuss
At this point I'd highly recommend everyone to think twice before introducing any dependencies especially from untrusted sources. If you have to interact with many APIs maybe use a proxy instead, or roll your own.
rpodraza
·4 maanden geleden·discuss
Press x to doubt
rpodraza
·4 maanden geleden·discuss
Looks like AI agents together with np and postinstall scripts are a match made in heaven!
rpodraza
·5 maanden geleden·discuss
This is great in theory, but answer me sincerely: are you spending less time at work because of AI? Because I reckon for most programmers here it is not the case at all.
rpodraza
·5 maanden geleden·discuss
I think you are completely oblivious to the problems plaguing the NPM ecosystem. When you start a typical frontend project using modern technology, you will introduce hundreds, if not thousands of small packages. These packages get new security holes daily, are often maintained by single people, are subject to being removed, to the supply chain attacks, download random crap from github, etc. Each of them should ideally be approved and monitored for changes, uploaded to the company repo to avoid build problem when it gets taken down, etc.

Compare this to Java ecosystem where a typical project will get an order of magnitude fewer packages, from vendors you can mostly trust.
rpodraza
·5 maanden geleden·discuss
What problem is this guy trying to solve? Sorry, but in the end, someone's gonna have to be responsible and it's not gonna be a computer program. Someone approved the program's use, it's no different to any other software. If you know agent can make mistakes then you need to verify everything manually, simple as.
rpodraza
·6 maanden geleden·discuss
Maybe I'm paranoid, but allowing any coding agent or tool to execute commands within terminal that is not sandboxed somehow will be prone to attacks like that
rpodraza
·6 maanden geleden·discuss
Huh? I go to a nearby cafe solo, all the time, and a lot of other people do, for instance, to read. That's how I met couple of them, actually.
rpodraza
·7 maanden geleden·discuss
I'd rather start a completely new, better language for the browser.
rpodraza
·9 maanden geleden·discuss
Good luck writing Java with notepad.
rpodraza
·9 maanden geleden·discuss
The author of this post reponds like AI
rpodraza
·9 maanden geleden·discuss
I would honestly do so, but if I want to run games and music production stuff (like Cubase) I'm pretty much forced to be on Windows.
rpodraza
·10 maanden geleden·discuss
I spill my drink!
rpodraza
·10 maanden geleden·discuss
If you're a junior and using AI to generate code, someone has to review it anyway, plus you're not learning on the job. So what's the point if the senior person can generate the code herself?
rpodraza
·10 maanden geleden·discuss
Someone should eradicate the npm ecosystem and start from scratch. No sane package manager would allow to run arbitrary scripts or download stuff from God knows where, like random github repos.
rpodraza
·10 maanden geleden·discuss
It looks like they actually got infected as well. So it's not only that, their security practices seem crap
rpodraza
·11 maanden geleden·discuss
If they are so concerned with "model welfare" they should cease any further development. After all, their LLM might declare it's conscious one day, and then who's to decide if it's true or not, and whether it's fine to kill it by turning it off?