HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rpodraza

no profile record

comments

rpodraza
·4 ay önce·discuss
At this point I'd highly recommend everyone to think twice before introducing any dependencies especially from untrusted sources. If you have to interact with many APIs maybe use a proxy instead, or roll your own.
rpodraza
·4 ay önce·discuss
Press x to doubt
rpodraza
·4 ay önce·discuss
Looks like AI agents together with np and postinstall scripts are a match made in heaven!
rpodraza
·5 ay önce·discuss
This is great in theory, but answer me sincerely: are you spending less time at work because of AI? Because I reckon for most programmers here it is not the case at all.
rpodraza
·5 ay önce·discuss
I think you are completely oblivious to the problems plaguing the NPM ecosystem. When you start a typical frontend project using modern technology, you will introduce hundreds, if not thousands of small packages. These packages get new security holes daily, are often maintained by single people, are subject to being removed, to the supply chain attacks, download random crap from github, etc. Each of them should ideally be approved and monitored for changes, uploaded to the company repo to avoid build problem when it gets taken down, etc.

Compare this to Java ecosystem where a typical project will get an order of magnitude fewer packages, from vendors you can mostly trust.
rpodraza
·5 ay önce·discuss
What problem is this guy trying to solve? Sorry, but in the end, someone's gonna have to be responsible and it's not gonna be a computer program. Someone approved the program's use, it's no different to any other software. If you know agent can make mistakes then you need to verify everything manually, simple as.
rpodraza
·6 ay önce·discuss
Maybe I'm paranoid, but allowing any coding agent or tool to execute commands within terminal that is not sandboxed somehow will be prone to attacks like that
rpodraza
·6 ay önce·discuss
Huh? I go to a nearby cafe solo, all the time, and a lot of other people do, for instance, to read. That's how I met couple of them, actually.
rpodraza
·7 ay önce·discuss
I'd rather start a completely new, better language for the browser.
rpodraza
·9 ay önce·discuss
Good luck writing Java with notepad.
rpodraza
·9 ay önce·discuss
The author of this post reponds like AI
rpodraza
·9 ay önce·discuss
I would honestly do so, but if I want to run games and music production stuff (like Cubase) I'm pretty much forced to be on Windows.
rpodraza
·10 ay önce·discuss
I spill my drink!
rpodraza
·10 ay önce·discuss
If you're a junior and using AI to generate code, someone has to review it anyway, plus you're not learning on the job. So what's the point if the senior person can generate the code herself?
rpodraza
·10 ay önce·discuss
Someone should eradicate the npm ecosystem and start from scratch. No sane package manager would allow to run arbitrary scripts or download stuff from God knows where, like random github repos.
rpodraza
·10 ay önce·discuss
It looks like they actually got infected as well. So it's not only that, their security practices seem crap
rpodraza
·11 ay önce·discuss
If they are so concerned with "model welfare" they should cease any further development. After all, their LLM might declare it's conscious one day, and then who's to decide if it's true or not, and whether it's fine to kill it by turning it off?