HackerTrans
TopNewTrendsCommentsPastAskShowJobs

robszumski

1,569 karmajoined 15 yıl önce
FOSSA head of Applied AI after acquisition of EdgeBit in July 2025.

   FOSSA (acquired EdgeBit) - Head of Applied AI
   EdgeBit (YC W23) - CEO - https://edgebit.io
   Red Hat (acquired CoreOS) - Director of Product
   CoreOS (YC S13) - early employee
Contact me: robszumski.com

Submissions

Fossabot: AI code review for Dependabot/Renovate on breaking changes and impacts

fossa.com
108 points·by robszumski·9 ay önce·18 comments

Resemver: Using AI to rewrite semver based on actual breaking changes

fossa.com
7 points·by robszumski·10 ay önce·0 comments

comments

robszumski
·evvelsi gün·discuss
Really cool. It would be interesting to see a demo of an app that is clearly more bespoke, like your Tesla account, online banking, movie theatre ticketing, etc.
robszumski
·5 ay önce·discuss
example analysis on a Dependabot PR: https://github.com/daniellockard/tiltify-api-client/pull/36#...
robszumski
·5 ay önce·discuss
I commented elsewhere but our team built a custom static analysis engine for JS/TS specifically for the dep update use-case. It was hard, had to do synthetic execution, understands all the crazy remapping and reexporting you can do, etc. Even then it’s hard to penetrate a complex Express app due to how the tree is built up.
robszumski
·5 ay önce·discuss
Totally hear you on the noise…but we should want to auto-merge vs ignore, no? Given the right tooling of course.
robszumski
·5 ay önce·discuss
We’ve built a modern dependabot (or works with it) agent: fossabot analyzes your app code to know how you use your dependencies then delivers a custom safe/needs review verdict per upgrade or packages groups of safe upgrades together to make more strategic jumps. We can also fix breaking changes because the agents context is so complete.

https://fossa.com/products/fossabot/

We have some of the best JS/TS analysis out there based on a custom static analysis engine designed for this use-case. You get free credits each month and we’d love feedback on which ecosystems are next…Java, Python?

Totally agree with the author that static analysis like govulncheck is the secret weapon to success with this problem! Dynamic languages are just much harder.

We have a really cool eval framework as well that we’ve blogged about.
robszumski
·5 ay önce·discuss
Thanks for sharing, really helpful to see your thinking. I haven't fully embraced FaaS myself but never regretted it either.

Curious to hear more about Renovate vs Dependabot. Is it complicated to debug _why_ it's making a choice to upgrade from A to B? Working on a tool to do app-specific breaking change analysis so winning trust and being transparent about what is happening is top of mind.

When were you using quay.io? In the pre-CoreOS years, CoreOS years (2014-2018), or the Red Hat years?
robszumski
·5 ay önce·discuss
no, but still being super impressive. CEO of a company rebuilding a CAD rendering engine because they put an LLM on top of it. So you describe the mechanical specs of the part you want and it models it. Takes all the tedium out of modeling stuff. Super cool and many applications.
robszumski
·7 ay önce·discuss
Same author talked about adversarial license plates that trick these cameras with a sequence of black blocks, discussed here in original form [1]. He is interested in breaking both the plate detection (ideal) and character recognition (good). The examples are pretty cool looking.

[1]: https://youtu.be/Pp9MwZkHiMQ?&t=1428
robszumski
·7 ay önce·discuss
exactly. standard move when you aren't going to get a second shot.
robszumski
·8 ay önce·discuss
We built and launched this product about 2 months ago, HN thread here: https://news.ycombinator.com/item?id=45439721

Totally agree that AI is great for this, it will work harder and go deeper and never gets tired of reading code or release notes or migration guides. What you want instead of summaries is to find the breaking changes, figure out if they matter, then comment on _that_.
robszumski
·9 ay önce·discuss
If a giant chunk of the constellation can act as a truly huge antenna, what can you get from that? Super high resolution? Seek/dwell time on a target that is effectively infinite?
robszumski
·9 ay önce·discuss
It requires you to go deep in both the code analysis and the research, which is expensive at their scale

And, as someone who's start up (EdgeBit was acquired by FOSSA recently) wrote a new JS/TS static analysis engine, it's just hard to get correct.
robszumski
·10 ay önce·discuss
Rob from EdgeBit (YC W23) – super excited to bring our dependency autofix tech + static analysis tools to FOSSA!

You can read more on our blog: https://edgebit.io/blog/edgebit-joins-fossa/
robszumski
·3 yıl önce·discuss
I just stumbled across multipass 2 days ago and it's been great for our local dev environment with a script to manipulate a bunch of things with multipass exec.

I just wish multiarch containers weren't such a pain to deal with.
robszumski
·6 yıl önce·discuss
I imagine they will scale up the sats to have more beams, better tech, etc. They have a super heavy lift rocket coming online in the years between now and the current batch of sats being retired. What they will be replaced with will likely look nothing like today's model.
robszumski
·8 yıl önce·discuss
Does anyone have experience with the optional network ad blocker built into the eero? I think it’s an additional charge so I haven’t tried it. Does it use this same rule set?