HackerTrans
TopNewTrendsCommentsPastAskShowJobs

robshippr

no profile record

Submissions

Brute-Force Retrieval Holds Through 5k Memories. Then It Doesn't

strake.dev
1 points·by robshippr·เดือนที่แล้ว·2 comments

GPU probably isn't helping your retrieval system

strake.dev
3 points·by robshippr·เดือนที่แล้ว·0 comments

[untitled]

1 points·by robshippr·6 เดือนที่ผ่านมา·0 comments

comments

robshippr
·เดือนที่แล้ว·discuss
[flagged]
robshippr
·เดือนที่แล้ว·discuss
[flagged]
robshippr
·เดือนที่แล้ว·discuss
Best of luck to you, I hope you find something soon.
robshippr
·เดือนที่แล้ว·discuss
[dead]
robshippr
·3 เดือนที่ผ่านมา·discuss
This is especially true for dev tools. Engineers already have 20 browser tabs open with dashboards, CI/CD, docs, and logs. The last thing anyone wants is another Electron app eating RAM in the background. The best tools meet you where you already are.
robshippr
·3 เดือนที่ผ่านมา·discuss
The "too risky to deploy" problem is really a visibility problem. When you can't quickly see what's actually changing in a deploy, fear becomes the default. The teams that break out of this aren't the ones who stop shipping, they're the ones who build better signals before the deploy so engineers can ship with confidence instead of just hoping nothing breaks.
robshippr
·3 เดือนที่ผ่านมา·discuss
The interesting detail from the GitHub thread is shaanmajid's observation that every legitimate v1 release had OIDC provenance attestations and the malicious one didn't, but nobody checks. Even simpler, if you're diffing your lockfile between deploys, a brand new dependency appearing in a patch release is a pretty obvious red flag without needing any attestation infrastructure.
robshippr
·3 เดือนที่ผ่านมา·discuss
The interesting detail from this thread is that every legitimate v1 release had OIDC provenance attestations and the malicious one didn't, but nobody checks. Even simpler, if you're diffing your lockfile between deploys, a brand new dependency appearing in a patch release is a pretty obvious red flag.
robshippr
·3 เดือนที่ผ่านมา·discuss
Second major supply chain compromise in a week after the axios npm attack. 40 minutes and 500k machines affected. SOC2 won't catch this. The real question is whether your CI pipeline would have flagged a dependency change that happened between your last build and the one going to prod. Most teams have no visibility into that window at all.
robshippr
·3 เดือนที่ผ่านมา·discuss
Three hours between the malicious publish and npm pulling the versions. If your CI ran an install during that window, this went straight to prod. Most teams I've worked with still have loose version ranges somewhere in their dependency tree even if they think they've locked everything down.
robshippr
·3 เดือนที่ผ่านมา·discuss
The real issue with LocalStack was always drift. Tests pass locally, then something breaks in staging because the S3 response format is slightly different or DynamoDB throttling doesn't match. After getting burned enough times we just switched to short-lived real AWS environments for integration tests. More expensive, but way fewer surprises in prod.
robshippr
·4 เดือนที่ผ่านมา·discuss
This at least makes me feel like I am not going crazy when I say "Github used to be much more reliable before Microsoft bought them"
robshippr
·4 เดือนที่ผ่านมา·discuss
[dead]
robshippr
·5 เดือนที่ผ่านมา·discuss
I am very good at writing down notes, especially in meetings... I am not so great at going back to those notes. I also have an issue with jumping around to different notebooks.
robshippr
·6 เดือนที่ผ่านมา·discuss
I miss his writing, I haven't seen a post by him in a while. His blog and Coding Horror are what I used to read all the time in my undergrad.
robshippr
·6 เดือนที่ผ่านมา·discuss
Don't give them any ideas haha
robshippr
·6 เดือนที่ผ่านมา·discuss
This is so cool. I've become more interested in aerodynamics since I've started watching F1 and reading Adrian Newey's book. This is such a great post, especially the diagrams in the velocity section.
robshippr
·6 เดือนที่ผ่านมา·discuss
Incredible job here. Really took a lot of work to get this done. Keep it up.