HackerTrans
TopNewTrendsCommentsPastAskShowJobs

marcc

no profile record

Submissions

[untitled]

1 points·by marcc·2 ay önce·0 comments

Analysis of 9k OSS PRs: merged PRs have half the AI-slop rate of open ones

twitter.com
1 points·by marcc·5 ay önce·0 comments

For B2B Generative AI Apps, Is Less More?

a16z.com
1 points·by marcc·3 yıl önce·0 comments

comments

marcc
·geçen yıl·discuss
Adding images involves us creating a new package (APK) in our APK repo. This is done by creating a melange build config (https://github.com/chainguard-dev/melange). The melange config defines some basic tests. It's not comprehensive, but generally validates that the binary produced is functional.

When we build the OCI image, we validate it via some custom tests that we've written. We have identified the canonical image (i.e. DockerHub, GHCR, etc), and we confirm that our image has the same entrypoint, args, env that the canonical image has. Then we have some generated scenarios we run the OCI image through to make sure it functions the same as the canonical image runs.

For example, we have Postgres in the catalog today. When we rebuild, we have some tests that run with various configurations of PG_DATABASE/PG_PASSWORD, etc env vars. We run these with our image and with index.docker.io/library/postgres, and expect to see the same output with both.
marcc
·geçen yıl·discuss
We often deliver in way less than 6 days but sometimes the dependency tree is deep for a patch.

I've seen most auditors mandate 30 days for Critical, but you clearly want to move a lot quicker than that.
marcc
·geçen yıl·discuss
We work together on it. Assuming you have a build process and dockerfile (we all do), generally our team can get you listed in the catalog quickly.

It's not too much work since we built on an existing set of tools (melange & apko). I've actually found that putting a Dockerfile into ChatGPT generates a really good first iteration.
marcc
·2 yıl önce·discuss
Plenty of responses here: https://www.reddit.com/r/teslamotors/comments/p59vwc/eli5_wh...
marcc
·2 yıl önce·discuss
Exactly this. Art changes over time. The mediums that we use to express ourselves creatively evolves. The position that AI is the end of creative art isn't taking this evolution into account.

When video became an affordable medium, would people say "this is the end of art, live performances are art. Now the people will just watch the same recordings over and over?" Maybe, if the internet existed. But it's had the effect of creating and introducing new art forms.

AI generated content won't replace art. It will evolve it to a new creative.
marcc
·3 yıl önce·discuss
I've used https://www.hnreplies.com/ for years here. Agreed that this is something that would be great to have built in.
marcc
·3 yıl önce·discuss
> security teams is for when things does not go as expected.

That's an unexpected view. Security teams are experts in security and help application developers think of ways the product could be exploited. Security teams run pen tests and bug bounty programs. Security teams manage compliance.

Separation of duties is a critical part of building a secure system, and you can't have separation of duties properly if app developers do it all.

Don't think of a security team a punishment for when things didn't go as expected, but a good security team can help increase velocity and confidence and security all at the same time.
marcc
·3 yıl önce·discuss
The outages this week have been rough. But outages can and will happen in any provider. I think the better goal is to find a way to use upstream providers in a more resilient way. When they are down, can you have fallbacks to another provider, or will that be too much engineering effort? Don't look for a provider that will be up 100% of the time, but figure out how to make sure your service isn't down when Cloudflare is down.
marcc
·3 yıl önce·discuss
Yikes. If still true, this feels like a significant single point of failure in their architecture.
marcc
·3 yıl önce·discuss
> It’s actually a vendor-agnostic replacement for the client side of DataDog, New Relic, or Azure App Insights.

The client side of DataDog, New Relic aren't nearly as complicated as Otel.
marcc
·3 yıl önce·discuss
Type a prompt and then get asked to log in. I see this as a dark pattern because if I don't want to log in, I've put data and time into your site and not getting results. If you want to keep this workflow, I'd suggest maybe letting people try it once without logging in?

Curious if you measure this and how much drop off there is between fill out a valid prompt and not logging in to see the results.
marcc
·3 yıl önce·discuss
Got a link? I'm not sure how this would even work, but if you aren't kidding, I'm curious to read the marketing.
marcc
·3 yıl önce·discuss
The "AI Not Welcome Here" is interesting at the bottom of the Readme.

https://github.com/MrIceman/go-uml#warning---ai-not-welcome-...

This is a pretty hard stance to take when creating an OSS project. The author made an open source, MIT-licensed repo. Right now, the statement reads "I wrote this all myself". Does that mean the author is not willing to accept PRs?

Or will we see something like a DCO that developers make an attestation that AI was not used in creating the change?
marcc
·3 yıl önce·discuss
Why not? I’m curious to understand this phenomenon. You see value it copilot, presumably because it makes you more efficient or productive. But either not enough to pay the fee, or.. ? Mind sharing why you aren’t willing to pay? (I don’t work for GitHub. I do write commercial software though)
marcc
·3 yıl önce·discuss
How big is the organization that has this requirement?
marcc
·3 yıl önce·discuss
This is pretty cool, just tried it out. I wish I could give it a little more than "keywords". Give me a textarea to explain the website and (maybe a different) for me to specify some design constraints or considerations.

In the end, it built a simple website, but just wasn't "ready to launch". What are the plans to make this more customizable?
marcc
·3 yıl önce·discuss
Interesting. I hadn’t thought about this as a pure money grab yet.
marcc
·3 yıl önce·discuss
What do they expect to happen if they win? OpenAI can't use GPT-4 (or build/release GPT-5), but the innovation will continue in areas of the world not subject to this regular?

I understand that the LLM models are advancing quickly and aren't easily explainable or transparent. The models feel like magic at times. But that doesn't mean society should shut them down.

This is fearful behavior and spreading FUD really. These folks should take the time to understand how an LLM works before taking this action.
marcc
·4 yıl önce·discuss
SAML shouldn't be too hard if you use a library or a service such as Auth0. What problems did you have that made it so difficult?
marcc
·8 yıl önce·discuss
Most good password managers will do this for you automatically. When I copy a password out of 1Password, it doesn’t stay in the clipboard forever and there’s an option to specific the amount of time before clearing it.