creesch's recent activity
-
Comment on Chat Jimmy - A nearly instantaneous AI chatbot in ~tech
-
Comment on Brave Origin (Nightly), a paid, bloat-free version of Brave in ~tech
creesch Link ParentNot to mention that the company behind it doesn't have the same questionable track record as Brave does.Not to mention that the company behind it doesn't have the same questionable track record as Brave does.
-
Comment on Chat Jimmy - A nearly instantaneous AI chatbot in ~tech
creesch Link ParentMan, they could have made that much easier to read. The tl;dr seems to be that instead of using general purpose hardware their offering is hardware specifically build for specific models. So far...Man, they could have made that much easier to read. The tl;dr seems to be that instead of using general purpose hardware their offering is hardware specifically build for specific models. So far the only model they are offering is Llama 3.1 8B.
Which is a relatively light model to run to begin with. But to their credit a quick test does seem to validate their speed claims:- Their claimed speed in chat:
Generated in 0.018s ā¢ 15,623 tok/s - Running llama 3.1 8b with Q4 in llama.cpp:
239 tokens 2.2s 108.61 t/s
If this approach scales up to more competent models it can potentially be interesting depending on a variety of factors like the actual hardware cost involved. Considering they give absolutely no relevant details about the hardware (close to zero, zip, zilch, nada) other than what basically comes down to "we designed a custom SoC" I suspect there might be some caveats and or gotchas involved here.
electronic components like RAM and GPUs.
They still need RAM, they nicely talk around it in their marketing with stuff like this
Taalas eliminates this boundary. By unifying storage and compute on a single chip, at DRAM-level density, our architecture far surpasses what was previously possible.
But that just seems to be describing a SoC, like apple sillicon. Which yes, gives speed benefits. But at the same time still pretty much requires all the other hardware in order to run properly.
In fact, having it all typed out. I feel like they just reinvented the NPU.
tl;dr it remains to be seen what they actually are offering. This is pure marketing aimed at attracting more investors imho.
- Their claimed speed in chat:
-
Comment on Interresting Reddit/Discord alternative : surikata.app in ~tech
creesch Link ParentSecurity awareness, even in professional software development is in my experience often lower than many people expect from the outside. Shockingly low even. Most of the breaches on haveibeenpwned...Security awareness, even in professional software development is in my experience often lower than many people expect from the outside. Shockingly low even. Most of the breaches on haveibeenpwned where my mail is involved are for big companies, those who have security teams, policies, etc.
You are right that LLMs have brought the ability to create software with no prior knowledge much closer to many people. And they might have made things even worse. But overall it hasn't changed my perception on third party software and security implications is what I am saying.
I'm sure someone out there has run the numbers on the effect AI coding has had on the rate of vulnerabilities being discovered
Something I also suspect is very difficult to do properly do. At the very least you will see an insane amount of attempts at claimed CVEs which are effectively AI slop, more recently Anthropic has been making waves with actually CVEs being found by their models (the whole mythos thing if you have seen the news) so you might actually see a spike for that as well on the confirmed side of CVEs.
I had a go at creating stats based on the github advisory database. But it is quite difficult to draw conclusions as the amount of sources for it has changed over the years as well as the ecosystems monitored. What I do see is a big spike in the past two months which I suspect might be result of LLMs being used to audit code. But on a per month basis for the past 5 years or so I don't see any real trends up or down.
Of course, this is only vulnerabilities in published packages used as dependencies. It doesn't saw much about software in general.
Like you said, we really shouldn't implicitly trust any website with our data to begin with, open-source or not, AI-generated or otherwise. But it's all a compromise on the internet; fortunately we can be choosy with the programs we trust our data with, and good digital hygiene should be used no matter where you're signing up for.
Yup, this I very much agree with.
-
Comment on The zero-days are numbered ā Firefox team uses AI to find and fix vulnerabilities in ~tech
creesch Link ParentYeah, firefox is one of those applications that is so complex that I have a hard time believing we even will get close soon. Even more so if we extend the concept to other things like incomplete...It's unlikely we'll get to "zero bugs" any time soon
Yeah, firefox is one of those applications that is so complex that I have a hard time believing we even will get close soon. Even more so if we extend the concept to other things like incomplete implementations of things causing privacy issues (The tl;dr there is that private browsing and firefox containers are not entirely sandboxed as far as extensions go). This is just an issue I am familiar with that has been sitting for 8 years, there are so many more like that. Many of which will cause other behavior elsewhere once "fixed". So even if they somehow managed to get their hands on a magic LLM that doesn't hallucinate and can handle massive context windows without issues it would be a long time before they even got close finding them all, let alone fixing them.
Considering that such an LLM is just a pipe dream, finding all the bugs in a reliable way is also a pipe dream.
To be clear, I do think LLMs can already be used to find bugs. But not in a way that is going to magically fix security across the board.
-
Comment on Interresting Reddit/Discord alternative : surikata.app in ~tech
creesch Link ParentI have no doubt this happens. But, I do want to push back on the thought that this has become an issue with vibe coded websites specifically. Back in the early 2000s I was able to hack together my...Simply because with small websites like this one you have absolutely no idea what the backend looks like, and have no way of knowing about any potentially catastrophic security holes brought about by a vibe coder telling Claude "make this website extra secure here are my private keys please don't leak them".
I have no doubt this happens. But, I do want to push back on the thought that this has become an issue with vibe coded websites specifically.
Back in the early 2000s I was able to hack together my own blog/cms including a commenting system without really knowing what I was doing by just throwing together php snippets until it worked. On the front it looked (for the time) fairly fancy but looking back it was a complete security nightmare. Not even compared to modern practices and standards, by the standards of the time it was a complete mess.
And given what I have seen over the years there are many websites out there that are still like that. All without any LLM involvement.
It's the main reason why having unique passwords for services has been preached for ages. Because the reality is that websites do get compromised and things will leak. As an extra example, if I check https://haveibeenpwned.com the first entry for a leak where I was involved dates back to 2010.
I am sure vibecoding adds another whole layer to it. But I already did operate with very little trust towards anything requiring me to sign up.
-
Comment on Good time to buy a gas/diesel car (in the EU)? in ~transport
creesch LinkLast I heard used EVs were just about starting to enter the market. But, I haven't kept a close eye on the market either. Having said that, for your use case sitting still for months might be more...Last I heard used EVs were just about starting to enter the market. But, I haven't kept a close eye on the market either.
Having said that, for your use case sitting still for months might be more problematic with EVs and dead batteries.
What you might want to take in consideration are city centers and adjacent neighborhoods. In plenty of EU cities these are increasingly environmental zones where not all cars are allowed. The older the dino car is the more likely that you will not be allowed to enter them. With diesel cars that is even more likely.
-
Comment on Static analysis, dynamic analysis, and stochastic analysis in ~comp
creesch (edited )Link ParentI don't use claude for work projects for a variety of reasons (including legal) but have been experimenting heavily with claude code personally. Specifically to have an actualized accurate...I don't use claude for work projects for a variety of reasons (including legal) but have been experimenting heavily with claude code personally. Specifically to have an actualized accurate impression of the current limitations and possibilities. What I've found is that well written skills help a lot in structuring the way model/harness approach projects making them much more useful. In a different comment I mentioned the superpowers skills actually enforcing things like TDD and structured development. But I also faced the issue of having Claude "onboard" on projects with a lot of legacy.
For that I have created two skills
codebase-discoveryandcodebase-auditwhich can be used as a starting point. They aren't perfect, but they have been useful to me in various ways. Specifically related to your situation they do surface areas Claude likely will not handle well. But they also offer some broader insight in the code base that I would otherwise not have considered.All the usual caveats about LLM usage still apply. The output of these skills is quite a lot and you still need to go over it in detail. Which is exhausting as our brains like to be lazy.
-
Comment on Prototyping with LLMs in ~tech
creesch (edited )Link ParentIt is almost as if real industry practices from lessons learned still apply to LLM involved development ;) I have been experimenting with claude code in the past weeks. Mostly to see where things...It is almost as if real industry practices from lessons learned still apply to LLM involved development ;)
I have been experimenting with claude code in the past weeks. Mostly to see where things stand and found there is a plugin called "superpowers" which heavily leans into good development practices but also good debugging skills. It still doesn't fix some fundamental issues with llms. But it does help a ton with having them follow structured process from start to finish.
Having said that. Even with superpowers it still very much feels like cat herding at times. With prototypes and other green field projects the results can be impressive. But even at that stage I do find having to constantly be on my guard for them drifting away from requirements and jumping to conclusions exhausting to deal with.
Edit:
Long day and I was on my phone so I forgot to include about half of what I wanted to mention. One of the things is that the only reason I am able to use LLMs like this is because of decades of experience and working in the field. I am slightly worried that we are now speedrunning to a world where a lot of that institutional knowledge and experience is simply lost. A lot of it does exists on paper but clearly not present enough in the training data to surface as a default (which does say something about the fragile state of software development before the hype imho, but that is a tangent) or is explicitly not valued by these companies training these models (also a possibility in my mind).
Also, forgot to link to the superpowers repo, here it is. And a selection of the skills it comes with:
- brainstorming
- executing-plans
- receiving-code-review
- requesting-code-review
- systematic-debugging
- test-driven-development
- verification-before-completion
- writing-plans
All of them involving elements from red/green, TDD, DRY principles, etc. I can't stress enough that it doesn't make Claude (or other models as the skills work with other harnesses as well) perfect, but it helps a lot with the whole "distracted assistent with short term memory loss going on tangents" behavior you otherwise encounter.
-
Comment on Tildes Minecraft Weekly in ~games
creesch Link ParentYup, the tldr is basically that the best route is a big L from point A to B with few height differences. Where you do have height differences or corners you want to slow down. It is almost like...Yup, the tldr is basically that the best route is a big L from point A to B with few height differences. Where you do have height differences or corners you want to slow down.
It is almost like high speed rail irl!
Anyway there is a variety of lines to look at, there is the town central line of course but also a bunch of them in the nether.
-
Comment on Do I not need to use blue light filter on my screens if I already have eyeglasses with Anti-Reflective coating? in ~talk
creesch Link ParentLast year I invested a bunch in somewhat excessive lighting near my desk. I do work mostly from home. Certainly in the winter period I had noticed that mentally waking up took more effort on dark...Last year I invested a bunch in somewhat excessive lighting near my desk. I do work mostly from home. Certainly in the winter period I had noticed that mentally waking up took more effort on dark days. Where in summer the room is dark because it faces the sun so everything is closed of resulting in a similar issue.
In the evening I do make it a point to turn a bunch of lights off and do use a warmer color on my computer display. Not really because I think it helps with melatonine production. It is more for the same reasons I make sure to get up after work and do something else first before I do hobby computing. It helps signaling my brain that we are entering a different part of the day.
It is anecdotal evidence of course but I do feel this combination has helped a lot. Both with the feeling of not being awake but also with a slightly better sleeping schedule.
I did try to get good quality lights (high cri value and all that) and made an effort to have it be a variety of sources and indirect light instead of a spotlight effect. I did also try different light colors so that the light during the day would be closer to sunlight (fairly cold color temperature) but that didn't really work well for me.
-
Comment on Iām traveling internationally for the first time and could use tips! in ~travel
creesch LinkWhile Amsterdam is #1 for many tourists I just want to throw in a suggestion for other cities in the Netherlands. You will get much fewer tourist traps and all that and many other cities are worth...While Amsterdam is #1 for many tourists I just want to throw in a suggestion for other cities in the Netherlands. You will get much fewer tourist traps and all that and many other cities are worth while a visit as well. Since public transport is pretty good you can very easily get from Amsterdam to Utrecht in half an hour and basically to the eastern part of the country in an hour landing you in Arnhem (Often known for WW2 market garden as the bridge too far city but has a lot of other stuff to offer as well).
It depends on your goals, but if you want to get a feel for the country I'd recommend bailing on Amsterdam at some point. But, having said that, Amsterdam is great to visit as well just depends on what your expectations are.
-
Comment on Installing every* Firefox extension in ~tech
creesch Link ParentSame same, I try to see it as a learning process. And sometimes if I am lucky I can still apply the stupid stuff elsewhere where it is not stopid. Dunno, as long as that dev figures out the...Not that this is anything new to coders but god I have been living this reality all week.
Same same, I try to see it as a learning process. And sometimes if I am lucky I can still apply the stupid stuff elsewhere where it is not stopid.
I am honestly impressed that it will do that and sad for the first dev who got that fatal crash report.
Dunno, as long as that dev figures out the context quickly enough I can also see it as an oppurtunity to optimize those code paths anyway. Highly depends on the sort of dev it lands with though :D
-
Installing every* Firefox extension
59 votes -
Comment on Tildes Minecraft Weekly in ~games
creesch Link ParentI'll file a restraining order. Also, you can be sure that tea has been bugging me about it already when he suggest updating the server.I'll file a restraining order. Also, you can be sure that tea has been bugging me about it already when he suggest updating the server.
-
Comment on Tildes Minecraft Weekly in ~games
creesch Link ParentDid you remember to yell at the clouds and those damn kids?! It is the best thing.I tried out @creesch's balcony seat and it was really comfy. 9/10 will sit there again.
Did you remember to yell at the clouds and those damn kids?! It is the best thing.
-
Comment on Zombo.com - Now under new management in ~tech
creesch Link ParentYes, worth the wait though! Amazing content behind infinity!Yes, worth the wait though! Amazing content behind infinity!
-
Comment on Improving my focus by giving up my big monitor in ~tech
creesch LinkHah! If anything having one monitor and it being just my laptop monitor will give me less focus. As I explained last month when someone asked about monitor preferences. For my current work I have...Hah! If anything having one monitor and it being just my laptop monitor will give me less focus. As I explained last month when someone asked about monitor preferences.
2x 27ā 1440p monitors side by side in landscape is the sweet spot for me. One as my primary monitor I am centered in front of, the second one to the side for referencing stuff.
I tried various methods over the years but I keep coming back to this. Sometimes the reference monitor gets used in portrait mode but that is rare.
For me it is the opposite as you experience. If I need to keep switching to reference things it distracts me and pulls me out of focus. If I just need to turn my head a little I keep my focus.
For my current work I have to use a VDI which I will have in full screen on both my monitors. This is great to focus on work, but all messages, mail and calendar reminders will also be hidden. I used to have my laptop closed tucked away. So now I have it open with all that stuff on it, making sure it is out of the way of my field of view for the most part. Every now and then I will glance to to it to see if I need to pay attention to something there. Which, again, helps with focus as I otherwise would need to minimize the entire VDI instance and switch back.
It's almost as if different people focus differently :P
-
Comment on Tildes in JavaScript-free browsers in ~tildes
creesch (edited )Link ParentI am pretty sure that is also what is being used by tildes. Click to view the hidden text Here's all the hidden text. It can have markdown in it too. Edit: Just realized you might have proposed...I am pretty sure that is also what is being used by tildes.
Click to view the hidden text
Here's all the hidden text.
It can have markdown in it too.
Edit: Just realized you might have proposed using it for comment threads. I am not sure they would work well for that purpose. There is a
openattribute but I have no clue if you can nest them and how accessibility tooling would respond to them being nested. -
Comment on Google releases Gemma 4 in ~comp
creesch Link ParentYup I am aware, which is among the reasons I still think gemma4 is fairly impressive given the size.Yup I am aware, which is among the reasons I still think gemma4 is fairly impressive given the size.
Eh, sort of but not really? Your interpretation might be right, but the patent also might be a roundabout way to talk about the fact they are using a quantized model
It still doesn't say much to the point that it doesn't say anything and most we can do is speculate. So it still gets an "eh" response from me.