it will be interesting to see if any new formats emerge. if ai kills the take home, what can replace it for similar "let's see how far you can go if you have resources available" style examinations?
maybe we'll see specialty chatbots that give the equivalent of oral examinations and/or are willing to provide reference material but not make suggestions, connections, solutions or generate prose on behalf of the user?
cool to see rustdesk. low level memory bugs were long mysterious and i think often received most of the attention for this reason, but always fun to see reminders that "nope, good ol' fashioned logic bugs in high level languages have security implications too." if anything, i think they sometimes are more clever as they require deeper understanding of what the code actually does, intends to do and what was overlooked rather than the common set of bookkeeping errors that are often the root of the memory bugs.
i wonder if it's about protecting it from extraction/distillation or if it's about not having to answer for surface that hasn't been properly vetted for public consumption. (ie, is someone going to sue them or complain or write blog posts because the thinking has transient things that people don't like where the final result is what is actually vetted?)
i agree with the author. i argue a preference for loose coupling over centralized abstractions. sure it's pleasing to compress the code, but if the use cases actually are sufficiently divergent (as well as bugs and externally driven changes) ultimately it becomes brittle, littered with edge cases behind if fences and both challenging and daunting to change.
ideal case: support libraries and then very simple duplicated code that is easy to read and modify. critically the core control flow should remain duplicated, but simplified by the support libraries.
my first reaction: this pivot makes no sense at all to me.
my second reaction: maybe it does? did they hire up an army of physicists to make better diffusion models or something and they actually have people on staff who can do this?
that's how i understand it. it's a portfolio with front matter, back matter, the papers that got published with some connective tissue between them and maybe some discussion of the things that didn't work out and why.
yeah, i think you're right. i originally read a bit of snarky blow-off, like "eh?" ... but you know, now that i think of it, it's actually does have more of a friendly canadian style vibe.
the '90s version of finding the hiring manager or boss on linkedin to try and get a job was connecting to the company's public smtp server with telnet, using their name to probe different email address patterns with "rcpt to:" (those days the actual servers were often directly connected to the internet and would leak email address validity in how they would respond to rcpt to) and then sending them a nice email.
smtp grew up to be an antisocial curmudgeon. extended smtp starts with EHLO.
blindly trusting upstream is not really a reasonable posture. that is pretty much the source of all software supply chain attacks.
there is work involved in figuring out how to get the complete diff of the code and dependencies that are included in the change, plus review time. this could range anywhere from 5-10m to 1h per package updated- if not more.
pretty much all of them. the diffs only really show that it's coming from the same source, the changed hash and maybe some urls for some patches. actually looking at what is in that changed hash is a much more complicated story. this gives end users a false sense of security ("i read the diffs" -- not really), and attackers a clean vector (all it takes is one bad commit that might not even be on a real branch, or linked patch or late download dependency in the package itself).
i read all the pkgbuild diffs, still doesn't give me a good sense. sure, i can verify that it's coming from the official repo but even then there's no guarantee that there isn't junk in there or that the git ref is actually pointing at the right thing.
it would be better if there were stronger community moderation and review that has stamps i can trust rather than this idea that eyeballing build scripts is a reasonable security posture.
two scenarios i could think of where there's additional risk for bio/nuclear weapons 1) basement lab leaks and 2) improving quality of execution for shops that are already resourced enough to hire experts but maybe they're not that great.
i think the correct answer is probably to funnel more money to global (bio)security initiatives and maybe use ai leverage as a way to get more of the world on board. (some kind of access to nvidia or cloud ai or whatever in exchange for policy commitments deal- while that leverage lasts).
i thought this was all fixed with special modes of clone that are optimized and don't actually copy anything (ie, it creates a new deficient process that can pretty much only exec)?
yeah this is the actual key. an actually useful title and a stable link to the discussion around the change.
conventional commits are pleasing, but questionable actual utility. the code speaks for itself. the actually useful information is a well chosen title and the context for the change.
here's an idea for an "experienced" technical interview structure. "we care about x, y and z. you have forty five minutes to convince us that you will meaningful help us achieve our goals. we then will take 30 minutes to push on technical details as we see fit. you will be judged based on technical content, choices, taste and your overall approach and strategy for moving us forward and convincing us that you're the right person to do it. good luck!"
maybe we'll see specialty chatbots that give the equivalent of oral examinations and/or are willing to provide reference material but not make suggestions, connections, solutions or generate prose on behalf of the user?