kacey's recent activity
-
Comment on What is watts, volts and amps? in ~science
-
Comment on The zero-days are numbered - Firefox team uses AI to find and fix vulnerabilities in ~tech
kacey (edited) Link Parent
I'm aware of this, but also aware of claims that lighter models found similar vulnerabilities.
The rebuttal I made was to the claim that the models are only finding trivial bugs (eg using ancient software dependencies). That other models + harnesses are as or more capable as whatever shiny keys that Anthropic has jangled today is neither here nor there, but I do happen to agree with you.
[general claims about OWASP and software security]
To be clear: I considered this an area where I needed to lead consistently by example when I was employed full time in software dev. Because you expressed a desire not to discuss this, I'm not going to continue down this conversational rabbit hole, but suffice it to say that I disagree with your position and could write a dissertation on it.
-
Comment on What is watts, volts and amps? in ~science
kacey Link Parent
In case you're curious, there's a whole section in the Wikipedia article on the hydraulic analogy on how it falls over.
-
Comment on What is watts, volts and amps? in ~science
kacey Link Parent
[...] sometimes the way it's wrong is so subtle that you'd only recognize it if you have a mastery of the subject yourself.
(probably worth noting that this is also true of responses made by confident humans, too. I tend to read LLM responses like I would a Redditor's post: it probably contains more truth than fiction, but only probably)
-
Comment on The zero-days are numbered - Firefox team uses AI to find and fix vulnerabilities in ~tech
kacey Link Parent
Gotcha. And yeah, no worries -- obviously I'm not critiquing you, it's just a pain to see people's donations blown on half-baked ideas seemingly formed by some senior engineer glancing through the HN front page. The "product" comment from me was reflecting how I feel that, when one is spending someone else's money, it becomes more important to have clear and useful objectives for doing so.
-
Comment on The zero-days are numbered - Firefox team uses AI to find and fix vulnerabilities in ~tech
kacey (edited) Link Parent
Yeah ... I think I'll believe it more when I see it. I was excited for the built-in feature for asking questions about the current page to an LLM. I can't say whether it works well, though, because I needed an about:config change to point it at my local inference server, and in the end wound up being a glorified floating tab. I'll take a look at the links later though in case they've done more compelling work, though; thanks.
edit: had a look, and it seems mostly out of touch, lacking product vision, or trend following. May I ask if anything stood out to you as particularly valuable? It kinda looks like NPO slop to me: stuff that would make donors feel excited, but that serves little to no practical purpose (eg "llamafile helps anyone run an LLM, with no experience!" is not a product, and could be solved technically with fewer tradeoffs and better visibility via other technical approaches).
-
Comment on The zero-days are numbered - Firefox team uses AI to find and fix vulnerabilities in ~tech
kacey Link Parent
It's unlikely we'll get to "zero bugs" any time soon, that's pretty hyperbolic. Security vulnerabilities being a subset of "bugs".
(agreed with you on all points; just wanted to say that Mozilla is going all-in on AI just as the bubble is popping -- which is par for the course for that brain dead organization -- hence the glazing of AI in this post. Probably)
-
Comment on The zero-days are numbered - Firefox team uses AI to find and fix vulnerabilities in ~tech
kacey Link Parent
AI is serving as an odd abstraction layer that's just willing to do the known tedious work of "hey asshole don't use this thing that's been in the library as a footgun since 1980" [...]
Just focusing in on this statement. The model and agent harness at play -- Mythos, I guess -- also found a buffer overflow in FreeBSD's NFS server that it could leverage into an RCE vuln. That codebase has been pored over by security-focused software developers and static analysis suite companies for ages, so finding a novel buffer overflow attack seems significant. So it's looking at more than the transitive closure of dependency versions.
Real solutions to this kind of problem will always stem from type or even mathematically safe code from the ground up.
The OWASP top ten are mostly not addressable using type-level logic or proof assistants, unless you really bend over backwards.
-
Comment on What is watts, volts and amps? in ~science
kacey Link
May I ask if there's a context in which this came up recently? Perhaps providing an answer in terms of something that you run into frequently would stick in your head better than something to do with water?
-
Comment on Tildes Survey #1: How old are you? in ~talk
kacey Link Parent
No worries! I totally hear that their phrasing could easily be read as accusatory, or even threatening; it was definitely very blunt and to the point. Equally, I agree that the tildoan way should be to try to correct with friendliness, too! I've been called out a bunch and -- maybe, 60% of the time -- I really do appreciate people's responses (admittedly this is like 59% better than anywhere else on the Internet, hence why I keep coming back here).
-
Comment on Tildes Survey #1: How old are you? in ~talk
kacey Link Parent
IMO I thought it was a great question, and I learned today that the GDPR doesn't apply to literally everyone doing anything on the internet! Especially given the state of affairs in the world, asking people for identifying personal information can become problematic, so I'm glad that someone felt empowered to ask these sorts of questions. I know that I'm not always as cautious as I should be, and knowing that other folks are looking for scams and whatnot makes me feel more comfortable with the community at large.
-
Comment on Which covers did it better than (or put a fresh twist on) the original? in ~music
kacey Link Parent
Hah, true, though admittedly I try not to hide my Canadian-ness, and np for sharing! I'm surprised (and a smidge overwhelmed) at the response this thread had; I've been having a lot of fun listening through a bunch of genres that wouldn't typically show up in my feed!
-
Comment on Fits on a floppy - a manifesto for small software in ~tech
kacey Link
(a propos of nothing, this revived an old memory of cramming more than 1.44mb onto a floppy -- thank you for that)
-
Comment on Which covers did it better than (or put a fresh twist on) the original? in ~music
kacey Link Parent
I think I listened to it at least a hundred times last year; I'm so tired of it; it showed up in my Spotify Wrapped, and I can't recall now, but I feel like I was in the top listens for it. Aaauuuugh, I'm listening to it again; I can't stop myself ...
-
Comment on Which covers did it better than (or put a fresh twist on) the original? in ~music
kacey Link Parent
I rather enjoyed that one! Might leave the rest on play in the background; thanks for sharing it!
(unfortunately it also reminded me of the Disney "A Whole New Sound" album, which features artists of that era covering popular Disney songs ... so cursed ...)
-
Comment on Which covers did it better than (or put a fresh twist on) the original? in ~music
kacey Link
(moved from topic)
I've enjoyed the swing twist that The Good Lovelies' cover of Crabbuckit put on K-Os' original piece (which on a re-listen still holds up! Appreciate the sax solos too)
-
Which covers did it better than (or put a fresh twist on) the original?
This can be contentious, so feel free to self-categorize as "fresh twist on" as well if you wish
(edit) moved my pick to the comment section ...
47 votes -
Comment on Which Linux distro do you use, and why? in ~tech
kacey Link Parent
[1000 instances of nixpkgs]
Ooh, that's good to know. I think I'll use the inputs.nixpkgs.legacyPackages.$; trick, though, instead of switching off of flakes, just because it seems like tossing a flake.nix file into a repo is a pattern folks are using more and more often? I try not to swim upstream for this sort of thing.
[anti-flake revolutionaries]
The adherents to older designs have succeeded before; I wish you luck! I'm going with the flow, so I can mostly just cheer y'all on from the sidelines
-
Comment on "60s lounge" and Laufey in ~music
kacey Link Parent
Augh, thank you for reminding me of "From the Start"; now I've been whistling it for hours XD
-
Comment on Which Linux distro do you use, and why? in ~tech
kacey Link Parent
Ha. Only the system hardcode: you know that's a flakes thing? There are some of us that have feelings about flakes. If you use "classic" nix, you just ignore it and builtins.currentSystem just handles it. Flakes also basically have no story at all on cross compilation which is what got me into nix in the first place (building stuff for embedded).
Augh, yeah, you're totally right. But if I switch away from flakes, then I no longer have a way to pin my transitive dependency tree, right? My background from build systems (maven, gradle, bazel, mostly) prods me to use lock files to implement strict, explicit dependency management. Letting versions float around has been a recipe for disaster ime, since a source code "rollback" no longer rolls back your actual binary; you're still pulling in any library changes that have happened since the original build. That wouldn't matter on a traditional system -- where one simply yolo's new packages into their OS, and they pray that full system backups can haul them back into production should the worst occur -- but I started using NixOS because I'm a complete control freak
[nix repl]
I just learned about this, actually! But mostly I've been instructing the LLM to explore that to assist with problem solving, since local agents work overwhelmingly better when they are instructed to iterate on a problem and get quick feedback (ime by default they attempt the Feynman problem solving algorithm, which fails periodically for larger and more competent models, let alone my local freebies). Pointing them at the local nix docs also helps, but the docs themselves are unhelpfully a gigantic HTML file on disk with no easy pointer to them (nix-build --no-out-link '<nixpkgs>' -A nixpkgs-manual afaict?).
Thanks for replying to my nosey comment! I enjoyed your essay. I also agree that nix lacks many conveniences for programming in the large that make it super annoying.
Hah, np! It was cool to hear from someone that has real experience with NixOS/nix; please do share any other tidbits you come across!
Not that this helps, but on the topic of there not being great introductory books on electromagnetism which also do not take liberties with the mathematics, I've always wanted to write an edugame to teach this stuff on a human scale. There've been some (relatively) fun puzzle games which play around with special relativity, for example, and which provide a better intuition than drilling through textbook questions.
Slowing down waves, scaling up quantum phenomena, visualizing invisible fields, etc. seem like they could do a lot for helping people build a strong foundation to work off of. Play is such an underexplored teaching method, especially in adults.