HackerTrans
TopNewTrendsCommentsPastAskShowJobs

umvi

no profile record

comments

umvi
·há 18 dias·discuss
> The required technology is not possible - 3D printers read code, not intent; they cannot tell what a shape is for.

"Anthropic announces Project Disarm, a new model designed for 3d printer manufacturers to quickly infer whether the intent of an stl file is a weapon. The printer first submits the job to the cloud, and only after it's approved will it print."

Not that I want this future, just that I can imagine it.
umvi
·há 19 dias·discuss
So I guess this is a competitor to Electron?
umvi
·há 20 dias·discuss
Go needs a good static analyzer to detect potential nil pointer dereferences. That would help identify and eliminate any unnecessary nil checks. .NET has a good one for C#.
umvi
·há 21 dias·discuss
Ban infinite scroll? Sounds like a slippery slope and also hard to enforce. I don't even know how you would craft such a law.
umvi
·há 29 dias·discuss
Knowing how to make a nuclear weapon isn't hard (at least basic uranium gun-style fission ones). It's the engineering and execution that's hard (actually producing enriched uranium, etc). It's not like the only thing holding back Iran from making a nuclear bomb is access to a jail-broken LLM. Even knowing exactly how to make a bomb, a country-state will struggle to build one for the first time because it's a hard engineering problem.
umvi
·há 30 dias·discuss
They make great models, but the sanctimony and paternalism is getting old real fast and I will gladly ditch them in the future when the model playing field has (hopefully) mostly equalized.
umvi
·mês passado·discuss
Just use insulin pens or even just vials + syringes to manage your BG? I'm T1D as well with a 5.7 a1c. You don't "need" a pump and in some ways pumps make you ignorant of your own disease, like people who "need" GPS to navigate their own towns.
umvi
·mês passado·discuss
Seems like an effective DoS attack - ground all planes in the US by sneaking cheap bluetooth speakers into people's luggage with provacative device names
umvi
·há 2 meses·discuss
Water is handled at the city level, not the federal level. If you have incompetent local leadership, this can happen. Incompetent local leaders can (and have!) bankrupted their cities.
umvi
·há 2 meses·discuss
I never said AI code should be "unreviewed". I'm saying that instead of pulling in axios or requests (as a contrived example) to make HTTP requests, just use AI to generate some vanilla JS/Python that has the exact subset of functionality you need. Your code has fewer dependencies, CVE surface area, etc, wins all around.
umvi
·há 2 meses·discuss
Assuming you disable CGO, yes, the binary is always self-contained. However, I want to clarify a few things.

The "self contained" part is only important in that it lets you use busybox or "from scratch" as your container runtime environment which has a very tiny cybersecurity surface area compared to, say, ubuntu or even alpine which has a bunch of system libraries your go binary isn't using, but which could still get flagged for having vulnerabilities.

Minimizing dependencies of the go binary is a separate, but equally important task that reduces the cybersecurity surface area of your go binary itself to just "the go standard library" instead of "go stdlib + a dozen github packages"

Whenever I am working with a NodeJS project I pity the fool who has to do SCA because the CVE surface area is enormous compared to go, which has a fairly batteries-included stdlib
umvi
·há 2 meses·discuss
"A little copying is better than a little dependency." - Go Proverbs [1]

Most complexity is unnecessary. Adding dependencies to your project exponentially increases your project's surface area, which in turn increases its regulatory/cybersecurity burden, especially if your software is a medical device, munition, etc. Why is Echo/Gin/Gorilla/etc better/more secure than vanilla Go's mux? Just anecdotal, but we use the Echo web framework for Go and it's caused nothing but headaches. It does magical XML parsing by default even though we don't deal with XML which gets us flagged in pen tests. Updating from v4 to v5 broke production for us because they made an undocumented server config change that makes all requests have a 30 second timeout. Meanwhile vanilla go has the ability to register routes and middlewares, so what value is Echo bringing to the table? Ditto for lots of other unnecessary dependencies. A lot of times we just need one little thing out of the whole package, and in those cases a little copying (or a little AI generation) is better than a little dependency.

A static go binary with minimal dependencies running in a busybox container has a tiny CVE footprint when run through grype/snyk, etc. Do the same for a NodeJS app with zillions of dependencies running in an ubuntu container and you'll spend all day triaging CVEs.

I'm not saying "roll your own crypto" but I am saying "axios-like packages don't make sense to use any more in a world where AI+vanilla accomplishes the same thing"

[1] https://go-proverbs.github.io/
umvi
·há 2 meses·discuss
Honestly I hope agentic AI ushers in a new age of minimal-SBOM software. I myself am moving all of my projects towards nearly 100% vanilla where possible. For example, golang. Why use [insert web framework] when you can just use vanilla for 99% of web apps?

There's something really satisfying about a go binary with minimal dependencies running in a busybox docker container.
umvi
·há 2 meses·discuss
That's like 90 minutes of exercise a day if you take zero rest days... Not happening for most people. I think even marathon training requires less than 90 minutes a day on average.
umvi
·há 2 meses·discuss
Better to just publish the protocols/APIs and let the community roll their own
umvi
·há 2 meses·discuss
Honestly, depending on the repo, I would pay a reasonable fee to get issues or PRs I open seen. No different than paying a fee to add a new game to Steam - raises the barrier to entry and prevents a lot of garbage from entering the fray.
umvi
·há 2 meses·discuss
Don't they inject malware/adware into your build artifacts?
umvi
·há 2 meses·discuss
We recently switched from Node.js + Mathjax for rendering latex to Goja (https://github.com/dop251/goja) + Mathjax, and surprisingly it worked really well. We did this because the app is already 99% golang, and this allows us to eliminate the remaining non-go pieces, greatly simplifying the SBOM. And yes, we tried go-latex, but it's not nearly as feature complete as Mathjax. Not to mention using goja + Mathjax adds 10MB to binary size while Node.js adds 200MB+
umvi
·há 2 meses·discuss
OP said "The next generation of developers will, for better or worse, grow up using AI assistance to write their code, but none of them will ever become a Zig contributor."

You rebutted with (paraphrasing) "no, you can't build compilers with LLMs because LLMs don't invent new things"

I used a lot of words to demonstrate that you can invent new things with LLMs, including compilers, as long as it's a human + LLM iterative loop and not an unsupervised LLM running in a vacuum.
umvi
·há 2 meses·discuss
Ultimately code is an iterative refining process, like sculpting granite or spinning pottery. You start rough and iteratively shape and polish it. LLMs just rapidly speedup the iterative process. The next generation will be using LLMs to quickly setup the rough shape of new software and then iteratively refine them.

The "smarter/better" attributes you are worried about LLMs not having happen between iterative steps, when the human is inspecting the current state of the software and compares it to the desired state of the software (in their mind's eye). The human then course corrects for the next iteration.

This would be like if Michelangelo carved the David using a robotic 6-axis chisel. It takes him 1 month instead of 3 years because he can convey his initial vision to the robot and then iteratively refine the granite until it matches his vision.

You can try to claim LLMs don't invent new things, but humans using LLMs absolutely invent new things (source: myself).