HackerLangs
TopNewTrendsCommentsPastAskShowJobs

Quothling

898 karmajoined há 2 anos

comments

Quothling
·anteontem·discuss
I'm not sure there is any value in knowing shit about AI. I know quite a lot about enterprise organisation level AI, but really, you could just ask an AI and it'd guide you through the processes. Knowledge in general is going to become real cheap in the age of AI. I've been a data archtiect in the past, so I used Opus 4.8 as I would've used a consultant agency on how to do our data architecture for multiple standard systems which can't directly share data with eachother. After a couple of hours with it as a sparring partner, I had some pretty awesome powerpoint decision making slides, one for c-levels and one for it-management.

Since our owners also own an IT consultant agency, I ran the same process through with one of our regular consultants who is an actual awesome data architect. The output was strikingly similar, well except that I/we didn't need to make the slides. I then had him run over the actual slides, and all we changed was adding a { between some arrows to make the source of the arrows more clear.

We're still going to use real human consultants in the loop because they are readily and freely available, and because this is still new. I doubt we'd want to spend 100 consultant hours on something like this in 5 years though. I mean, we'd still do it for decisions where we'd want someone to blame.
Quothling
·há 3 dias·discuss
> How about the dependencies Bun is pulling?

What dependencies? OpenSSL, libc or?

> segfaults

Those would not be a compliance issue though.
Quothling
·há 3 dias·discuss
I think it does. I know this is through Microsoft, but they give you a month free of Cowork which is currently Opus 4.8 (or at least they did for us) and I doubt we'd ever go back. When I say "we" it's the enterprise organisation "we", but this also where this sort of spending won't stop anyone. I can't go into exact details, but if our first month had not been free, then our most expensive user would've hit around $1000, while our average (among users who've adopted it and actually use it) is around $100. Neither of those numbers would matter in a budget.

I've had the pleasure of setting up limits because Microsoft needed billing policies before our C-levels have even gotten it on their agenda. So I set up a sort of conservative $200 personal limit, but then setup a $1m shared limit pool that anyone can be moved into with management approval. I suspect our limits will be much higher than this once the C-levels make the decision on an actual company policy. I think we'll see these spending limits mainly used as guardrails to prevent accidental spending, but that there will not really be a ceiling, just some approval gates. Some managers are already requesting usage reports, but not to track spending, they want to see who uses too little AI.

This is the difference between enterprise and small companies and individuals. When you spend $500k a month keeping your toilets stacked with papertowels, toiletpaper, soap etc. then $1m a month on AI isn't going to raise any eyebrows.
Quothling
·há 5 dias·discuss
I think orchestration is the perfect description. In enterprise you have a bunch of standard systems which play by their own tune, and even with a lot of the "low-code" options you're going to build systems that transfer data to the right system at the right time. Like a director of an orchestra.

Having spent a lot of time in enterprise which is not related to software development (or IT at all) I'm pretty familiar with a lot of the low / no code or Robot Process Automation systems. Which always end up requiring specialized developers, except, you can't hire software developers for them so you end up with various consultants creating huge messes. Microsoft's Cowork is the first time I've seen a system which can actually directly replace people who aren't experts in their business domain. It requires a lot less than any other system I've seen before. You need someone who has global, intune and AI admin in the Microsoft ecosystem, who know enough about software development to evaluate an app to be safe and efficient and how to debug it, and a domain expert. Then you'll have something which "just works". It's scary really.

I had no domain knowledge of PowerBI like at all, and while I could fill a data architect role, I would have never been able to do anything beyond a semantic model in Fabric and even on the semantic model it's not like I've ever worked with DAX. Yet Cowork (with read access to the Fabric workspace) could guide me through the process of creating a powerBI report set which was good enough that the business wanted to use it with a few minor improvements... Five months ago, this would have been a 2 people job. Now I was basically a puppet getting told which button to click in the report editor. If Cowork had write access it wouldn't have needed me in the loop once the data was delivered to the datalake it shortcutted to.
Quothling
·há 5 dias·discuss
It depends. Ah, well I guess it's a litlle unfair to say that because in the context of your question I absolutely didn't mean for it to be taken literally and I should've been more clear. It does depend on domain though. For some of our engineering and control software it is almost meant literally. Since we'd have very few abstractions beyond the language primitives because of explicity.

For what you were asking though, it's not no-abstractions it's YAGNI where business logic lives in "just" functions which operate on plain data structures with runtime assertions and validation. The data structures will usually include domain specific types. There are no classes, object hierachies or architecture abstractions, at least, there almost never ever are. When it absolutely doesn't make sense not to introduce an abstraction beyond what we typically want, then it's allowed. This pains a lot of Uncle Bob's disciples, until it doesn't.

The advantage of it is that we've found that it works really well with LLM's. At least in my experience they seem to be absolutely excellent with explicit, localized code instead of layers of indirection.
Quothling
·há 6 dias·discuss
> The thing about Zig in these times is that it proves that software development as a craft is not dead or replaced by LLMs.

We've heavily adopted LLM's, to the point where I'll often not touch any code and have a better and more maintainable codebase than if it had been written by any of our developers (myself included). I'm not sure it would be possible if our philosophy wasn't explicity, no abstractions and defensive programming, but when every function is it's own thing with runtime assertions and ways of dealing with corrupt states as soon as they happen. Well... the LLM can do that when you can.

That being said. I think it's not new that you can write computer software without computer science, until you can't. Where I see the challenge with LLM's and software development as a business is that a lot of software developers work(ed) that can be automated because they don't actually require computer science as such. Having setup company wide "apps" for Microsoft's cowork, I think any sort of semi-expert level office job is going to be in danger. I'm not a huge fan, and I was never hyped on AI but it's ridilous what you can do in the enterprise office space (and how easy it is) when you're married with Microsoft.
Quothling
·há 6 dias·discuss
In systems engineering this was proven in court when you have one engineer writing specs and another implementing the "samish" system from those specs, but I'm not sure that would relate to any of the art assets made by the original authors of a game. I'd imagine any art, narrative writing or sound would still be considered IP, and without those things you don't have much of a game.

I suspect it won't stop people, and that it won't be much of an issue in a lot of cases. I wouldn't want to be the one to test it in any sort of court though. Not even on the other side of things, where it'll become even more of a nightmare to protect your indie IP on any form of platform which doesn't heavily regulate things.
Quothling
·há 9 dias·discuss
I'm not very familiar with Rust, but doesn't cargo pull a lot of external dependencies for most projects? I really like how Go can do everything with just the standard library, but I wasn't aware Rust was similar. For typescript we've moved our stuff to bun. It has it's own risk management perspective compared to node, but at least it's now possible to build web services without having to rely on a bunch of external dependencies. Which in our highly regulated business would require security policies for each dependency explaining the risks, why we accept them and how we mitigate them.
Quothling
·há 11 dias·discuss
I challenge you to find a laptop that can do what my macbook air m1 with 8gb of ram does at the $899 it was through the education store. No fan, awesome battery life, good trackpad and keyboard, the ability to not get hot while using it.

I'm a senior platform engineer who at the time I bought it was a senior software developer, who can still use it for my daily tasks despite it having 8gb of ram. Until very recently the 32gb T14 I had ad work was frankly worse performant than the little air, while having a battery life of around 45 minutes a fan sounding like a jetengine and a keyboard so hot it made the sun jealous. My new model is way faster than my macbook air though, but the old model was technically newer than the air. Obviously the comparisson isn't completely fair since we run a lot of corporate enterprise stuff on our laptops, but still.

I'd really like a Linux laptop, but a Framework laptop is expensive (and it has loud fans and runs hot). A tuxedo is even more expensive and has fans where you'd place it on your legs for whatever reason, and runs hot. Looking at the laptop market now, I can't see what you'd buy. A week ago I would've said the Neo (if the 8gb of ram holds up as well on the mobile chip as it does on the m1), but today I'm guessing a refurbished air with 16gb would be the only real option for someone who want's a cool low noise machine with decent battery time.

Whether you run OS/X or Asahi, I really can't see what you'd buy other than these. At least if you actually use it on your lap and don't just have it sit in a dock on a table.

Then again, I'm the sort of person who would buy the pink neo because it would fuck with the perception people have of my mid 40 Scandinavian conservativeish dad look. So maybe it is just about the message?
Quothling
·há 13 dias·discuss
I think what is crazy here is that the USA can block a Dutch company from selling their products. Don't get me wrong, this would have made sense in the world 15 years ago, but today? We all know that China plays dirty, but all those US made LLM's sure seem to know an awful lot about things in IP protected content.

Though to be fair, I think everyone knew that China was always going to have their 100% domestic chip manufacturing supply chain. I'd argue that the blocks were mainly a delaying tactic by the USA oligarchy. Simply blocking ASML from doing business with China would in itself motivate China to move faster, but I guess the decision makers and their advisors calculated that it would be slower than letting China buy the machinery and reverse engineer it.

Of course that didn't really work out. The only reason the media is picking up on these stories is that China, did, get their hands on the machinery, but then... of course they did.
Quothling
·há 14 dias·discuss
Ironic is claiming that Napoleon destroyed civil society, when his reforms are in many ways the foundation for modern civil society. Rule of law, national public education, the concept of a national bank, formation of the middle class, and so on. To say that Napoleon destroyed civil soceity is just plain wrong, Napoleon founded modern civil society.

To be fair, he (the national assembly really) stole the whole "all men being equal" and all the ideas on accessible readable law thing from the Dutch after the Dutch "joined" the French Republic. It's also very likely that Napoleon would've turned out like any other despot if he had held power longer.
Quothling
·há 16 dias·discuss
No kidding, I was considering one to replace my 8g air m1. Which was questionable to begin with performance wise, but it's so worn after all these years. Certainly won't do it now.
Quothling
·há 17 dias·discuss
Companies like Sonatype would be an issue since they are owned by USA private equity. We would not give "Vista Equity" access to anything with the current EU US relationship. It's bad enough that we're so tied into Microsoft, which the EU might task us with leaving if they deem it critical enough for the security of the European energy sector. That's a risk we live with though, there isn't a realistic alternative.

That being said, our current strategy is more along the lines of building thind within standard libraries. We really wanted to adopt Go company wide, but it's proven impossible for non-SWE staff to use AI to create their projects in anything but Python. So instead we've created AI configurations that know our security policies, the tools we want them to use and we've setup security policies which won't even allow you to run a Python executionable inside a virtual environment unless your devices is sepcifically allowed to do so in that specific folder. Similarily we've completely limited what VSCode extensions they can use down to the named folder version. Which sort of sucks, and I doubt a lot of it would be possible if it wasn't because the c-levels are personally liable for security under EU law.

We'll see what happens after september when the summer holidays are over and the real token cost of AI will kick in.
Quothling
·há 17 dias·discuss
Working in the EU energy sector where we have to work with NIS2 compliance, I'd argue that your security team rightly pointed it out. I suspect that's what you mean though, and the rightly is just there because you agree with it but don't like it. We work with even more tight dependencies policies than just having alerts. We have a set of pre-approved and yearly vetted packages, like pandas or pyarrow for Python data work. Aside from that we have some isolated development environments where your pipeline can get access to something like SQLC for Go. Which is essentially where your dev dependency lives in it's own environment where it can produce the code it needs to and then submit it for approval into your regular dev environment.

Ironically we'd probably need to run Dependabot itself in a mirrored environment since it too has external dependencies we'd probably not want to vet.

I do think external dependencies are among our biggest security threats though. It's so hard to vet them, and compliance basically comes down to "We trust the apache software foundation enough, and pyarrow is vital to our business, so we accept the risks", and then you lock versions and aren't the first to update except for vulnerabilities. Shadow AI is obviously the number one security threat right now, especially in enterprise with people who are very tech savvy. This makes dependencies so much worse though, because now everyone can (if their systems aren't locked down tight) do so many crazy things. Both with the "non-sanctioned" AI but also with the code it can generate for them.
Quothling
·há 19 dias·discuss
This is what I meant by the grey zone. I personally think it goes too far, but I agree with the point you make here. Where it becomes problematic is that the method does not get the point across to any audience which doesn't already agree with them.

Compare this to Jesper Graugaard, who is know locally as the "Chromebook-dad". He's been campaigning against big tech in our schools for like a decade, and after 6 years we recently had a ruling forbidding our cities from using Google services without proper data ownership agreements. He's obviously not the only party behind this, but he's a massive force in the agenda against non-EU tech in our schools. He does it through reform and political campaigning.

Jesper has wide public support, Lars is not viewed favourable. This story hasn't even hit our news, I've only heard about it here on HN.
Quothling
·há 19 dias·discuss
I'm Danish and lars kragh andersen is a bit of a grey zone. He obviously goes over the line, he tried to put GPS trackers on the cars of ministers. He "stalks" their families, and dox their children online. He gave an interview on how he'd ignore people carrying a kilo gram of weed when he was a cop because he doesn't agree with the "war on drugs".

On the flip-side, he's sort of right. I assume that putting a GPS tracker on the car of our minister of justice is illegal, but that same minister (Peter Hummelgaard) is one of the key forces behind anti-encryption here in Europe. Similarily the politicians he stalk and harras are pro Palintir getting access to all our data, so Lars Andersen is sort of giving the politicians a taste of what they want to give everyone.

He goes way too far though. Especially if he actually wants change, the way he "protests" is directly damaging his own cause, since nobody is going to sympathise with harrassing children.

I suspect next time he'll have his cameras running with backup powers though.
Quothling
·há 23 dias·discuss
I think it depends a little on how and where you work. In the energy industry of Europe where we are extremely regulated AI has been writing some excellent and maintainable code. Of course we can't do any of that CLEAN SOLID DRY stuff, or any abstraction and implicity really, and I imagine that AI would struggle with that. Though you have to wonder if any of those religions ever really worked when you consider that they've still failed to replace most COBOL systems 30 years later. Anyway, that's a different discussion and even Uncle Bob has moved on to functional programming.

I've yet to have Opus 4.8 fail me with defensive explict code. Often it'll write code that is better than what I might have done. I imagine it would be a nightmare to go through one of the OOP debug chains with implict error handling, but when every function has a runtime assertion which is basically the contract for how it is supposed to work and exactly what to do if it encounters a corrupt state, then things are just so much easier with AI.

I do agree with you on documentation. The amount we have has exploded in the post AI world. Which is a little ironic since the assertion is frankly what you'll need to know and not the 10 pages of prose the AI autogenerated in the shared loop (microsoft's terrible confluence). It is what it is though, and at least it's easier to meet EU compliance rules now, since those are more about the bureaucracy than actual security.
Quothling
·há 24 dias·discuss
Microsoft quietly won the AI race in enterprise with the addition of cowork to their copilot app. Being in the energy sector in Europe we're quite limited in what we can do because of things like NIS2 compliance. We have access to corporate AI tool though the equity fund which owns part of us, and while it allows you to create personalized agents that can run sub agents and use "skills" it's all done without any form of filesystem access. Being married to Microsoft because our IT loves that sort of thing, and having spend a decade in the public sector I sort of get why from an enterprise perspective, anyway, we have always had access to their Copilot app. Which has been so bad that it's actively turned people away from AI. Then last month we get cowork frontier, and now I'm in the process of helping everyone adopt it. Not only does it play directly into our licenses, it also has access to all the Microsoft 365 stuff, so that our HR can use it to sort applications into the categories they belong in and what not. Sure they could've had a better on-boarding system, but they don't so someone has to go through the emails and sort "financial controller" from "sheep shepherd" (yes, we have sheep on our solar plants).

Anyway I'm rambling, what Microsoft is doing with AI in enterprise is basically what they did with Teams and similar systems. They provide a platform for it which is good enough that your organisation is going to want it rather than deal with multiple vendors. Not for tech organisations, but for every other enterprise organisation it'll be so much easier to just go this way. I imagine that Anthropic is getting some sort of payment from Microsoft for Cowork, but what Cowork shows is that Microsoft can be completely model agnostic and still sell "top" AI. Especially because they've set cost on a fixed rate that I'm sure they'll increase by 25% every year.

Or do things like the fact that you need some sort of special Agent 365 license for your sysadmins to manage the admin.microsoft part of Copilot which has to do with security policies... Ask me if it was fun doing that agent by agent... It's frankly the most Microsoft thing I've ever seen.
Quothling
·mês passado·discuss
Your experience is apparently different than mine. I went from using our corporate tool to copilot cowork when it became available to us. From opus 4.6 to 4.8 and there has been a massive difference. It's ridiculously good at programming in the right hands, but the right hands is frankly becoming more and more automatable as well, since you can input design documents, compliance policies and allowed packages and it'll do fine.

If you want, you can go through my history and you'll find that I haven't exactly been a fan of AI, but it's silly to deny that it's gotten good.
Quothling
·mês passado·discuss
> So far, LLMs seem to deliver code with "Louie Da Loan Shark"-levels of tech debt.

Maybe a couple of years ago, but these days, Opus 4.8 is frankly writing better software than what I've seen over the previous decades in non-tech enterprise. These previous two months, we've replaced so much technical debt we've been dragging along for the previous 5 years as our team went from 25 to 3 people.

This is in non-tech enterprise in Denmark and AI had absolutely no impact on us going from 25 to 3. That was all Putin and bad business decisions on the c-levels. Like keeping flexible loans to fund projects on the books when the interests rates were 0.01% because they might go to 0.001%. Anyway, I'm getting to the point where the AI does 100% of the work, but only if it's piloted by people who know what security, resource consumption and compliance is. The code itself is excellent though.