Part of my role at work is in security policy & implementation. I can't figure this out so maybe someone will have some advice.

With the advent of AI coding, people who don't know how to code now start to use the AI to automate their work. This isn't new - previously they might use already other low code tools like Excel, UIPath, n8n, etc. but it still require learning the tools to use it. Now, anyone can "vibe coding" and get an output, which is fine for engineers who understand how the output should work and can design how it should be tested (edge cases, etc.)

I had a team come up with me that they managed to automate their work, which is good, but they did it with ChatGPT and the code works as they expected, but they doesn't fully understand how the code works and of course they're deploying this "to production" which means they're setting up an environment that supposed to be for internal tools, but use real customer data fed in from the production systems.

If you're an engineer, usually this violates a lot of policies - you should get the code peer reviewed by people who know what it does (incl. business context), the QA should test the code and think about edge cases and the best ways to test it and sign it off, the code should be developed & tested in non-production environment with fake data.

I can't think of a way non-engineers can do this - they cannot read code (and it get worse if you need two people in the same team to review each other) and if you're outsourcing it to AI, the AI company doesn't accept liability, nor you can retrain the AI from postmortems. The only way is to include lessons learned into the prompt, and I guess at some point it will become one long holy bible everyone has to paste into the limited context window. They are not trained to work on non-production data (if you ever try, usually they'll claim that the data doesn't match production - which I think because they aren't trained to design and test for edge cases). The only way to solve this directly is asking engineers to review them, but engineers aren't cheap and they're best doing something more important.

So far I think the best way to approach this problem is to think of it like Excel - the formulas are always safe to use - they don't send data to the internet, they don't create malware, etc. The worst think they can do is probably destroy that file or hangs your PC. And people don't know how to write VBA so they never do it. Now you have people copy pasting VBA code that they don't understand. The new AI workspace has to be done by building technical guardrails that the AI are limited to. I think it has to be done in some low-code tools that people using AI has to use (like say n8n). For example, blocks that do computation can be used, blocks that send data to the intranet/internet or run arbitrary code requires approval before use. And engineers can build safe blocks that can be used, such as sending messages to Slack that can only be used to send to corporate workspace only.

Does your work has adjusted policies for this AI epidemic? or other ideas that you wanted to share?

I'm looking to better organize all the computer and electronics parts I have laying around and am looking for recommendations for software from people who are already doing this. I saw InvenTree but wasn't sure if there are other alternatives I should look at. Most of what I found so far is focused on companies and is therefore a bit more than I need. My only major requirement is that I can self-host it, or at least easily export all my data out of it. Ideally, the same software would work well for organizing home workshop parts as well (e.g. bolts, sockets, glues), though that's not a hard requirement.

Also, I'm not sure if this makes more sense here or in ~hobbies, but I figured the computer/electronics focus means it makes more sense here.

Has anyone used a free, offline, open-source, real-time speech-to-speech translation app on under-powered devices (i.e., older smart phones)? There are a few libraries that written that purportedly can do or help with local speech-to-speech:

• https://github.com/ictnlp/StreamSpeech
• https://github.com/k2-fsa/sherpa-onnx
• https://github.com/openai/whisper

I'm looking for a simple app that can listen for English, translate into Korean (and other languages), then perform speech synthesis on the translation. Although real-time would be great, a short delay would work.

RTranslator is awkward (couldn't get it to perform speech-to-speech using a single phone). 3PO sprouts errors like dandelions and requires an online connection.

Any suggestions?

One thing I really enjoy is being able to share my screen with family and friends to watch movies together or share gameplay. On Windows, you can do this trivially with Discord. On Mac, you can do this on Discord if you install some software they recommend. On Linux, I believe it's impossible with Discord unless you use a third party front end, which I'd rather not do. Zoom has screenshare with sound, but I don't know what the Linux support is like, and it's capped at 40 minutes unless you pay.

Are there other messaging services that have voice call and audio screenshare support on Linux, no unofficial front end necessary, that's also available on Windows and Mac? It's ok if it requires some setup. Ideally it would be a group chat as opposed to streamed publicly on a site like Twitch.

I've been feeling pretty bored for a while and my job isn't really giving something fulfilling to do, So I want to make something.

However, I don't want to make something useless. unfortunately, I can't think of any software I'm in a particular need for. I would love to make something that solves a real problem for a real human.

So, please tell me, what's something that you wish existed because it would reduce suffering in your life that little (or big) bit?

Edit: Wow wow and wow, I didn't expect this thread that I made on a whim to blow up so much. So many idead!

Hey! I’ve been trying lately to get rid of big platforms from my life. One part of it is that I usually buy ebooks/audiobooks from apple, Amazon or google, however I’m then also forced to use their reading app, which is a vendor lock-in I’m not comfortable with.

I know there are plenty of ebook readers out there, but I’m trying to find

1. A store where I can buy ebooks that can be opened in a ebook reader of my choice.
2. A way to then sync my progress between phone and laptop. I have nextcloud setup, so if I can make use of that then it’s perfect.

Anyone here got any tips?

Hey folks, looking for recommendations. What's your go to word processor on Ubuntu? (EDIT: For regular writing, not a text editor for coding.) I haven't been the biggest fan of Libre office tbh (please don't hate me...) There were just several bugs in Writer that made it unusable for me. I'm curious about alternatives. I read that WPS office is on ubuntu, but I've always found it to run kind of slow (however, my experience was on Windows.).

I don't need a lot of fancy utilities, but would enjoy something a little more beautiful than notepad++ :) My biggest concern is just that it's a stable software. I'm OK with glitches or UI bugs, just nothing that's going to crash and burn and corrupt my work. (I mention this because there are several newer word processors made by single developers, and I'm a little weary to use them because I don't genuinely know how stable the software is.) I'm also not a fan of software that saves in some special format where you rely on that software to open it (or have to go through hoops to convert it.)

Any recommends?

EDIT: I'm new to Ubuntu, in case it makes a difference.

I'm currently using Navidrome to self-host my music collection, while using DSub to listen on-the-go.

This works very well for most genres, except for the bulk of my music which is classical music. This presents its own host of problems pertaining to cataloguing and using metadata, since there are often multiple recordings of the same musical composition, recorded by multiple conductors with different orchestras and/or soloists. There may also be different instrumental arrangements of the same musical piece. Merely sorting by "Artist" is therefore quite unsatisfactory in this scenario.

Some streaming services have come up with quite satisfying solutions in my experience (notably Apple Music Classical and Idagio), but I am not sure how to go about listening to my own self-hosted classical music.

Is anybody here on Tildes familiar with this organizational problem? I would be very eager to hear how you have tackled this. Is there any self-hosted software more suitable to cataloguing musical collections with extensive metadata?

Hoping we can get some discussion on self hosting setups throughout the community and help anyone who may be interested with common setups and finding interesting software.

Hardware
Currently running everything on a Dell 7050 SFF (intel i5-7500 and 16GB RAM) which suits my needs perfectly. Had used an older SFF before (i forget which) and a cheap older model mac mini (2012 I think) for self hosting before, but those were not the right choice as I didn't properly understand what hardware encoding was at the time. The i5-7500 handles all the media I have when transcoding is needed. Only thing it can't do is AV1, but my setup avoids those anyway.

Operating System
Distro Hopping habits are hard to break and that "itch" unfortunately carry over to the server. Currently running Ubuntu 22.04 LTS for a few months now, but feeling like a change is needed soon. I've used Ubuntu, Debian, and Fedora for servers before and they each have their own little problems that make me eventually switch. I am considering maybe doing a Proxmox setup so I can spin up a VM whenever that itch comes, but not sure if they added complexity is worth it in the long run.

Software
Yay, the best part! My self hosting stack has changed a ton over the years. Everything in my stack is in a docker container through a set of badly written compose files (planning on redoing things, cleaning things up, making things consistent, etc.). I'll just do a rundown of everything with a brief description of what it is:

• Plex Gives me a Netflix like streaming experience at home. Currently working on shifting things over to JellyFin as Plex is starting to grow increasingly buggy for me.
• Sonarr Automatically tracks and downloads all my shows. I have two instances of this running, one for normal tv shows and another for anime
• Radarr Automatically tracks and downloads all my movies.
• Prowlarr Sowers the high seas for what Sonarr and Radarr are looking for and gives them the "linux iso".
• rdt-client Probably different to most peoples setups. I use a debrid service (not sure why people call them that), to download my "linux iso's" for me and I do a direct download from them. Much quicker and no torrenting traffic on my end. Also it's also cheaper than paying for a VPN usually.
• File Browser A good web ui for managing files
• Nginx Proxy Manager Is a reverse proxy for all of my services and gives me HTTPS for everything. Gets rid of the annoying browser warnings.
• Tailscale The most recent addition to my setup. Allows me to access my network anywhere. Similar to a VPN (I know it uses wireguard under the hood), but does a lot of magic for you and just makes everything work and connect together, its really cool.
• Adguard Home Gives me a local DNS server that does DNS level ad blocking. Never given me problems and it works well, but I am thinking of reducing the complexity of my setup and removing it. There tons of DNS servers out there that can do the same thing and I don't mind trusting a few of them (like quad9 or mullvad dns).
• Watchtower It monitors all my docker containers and keeps them up-to-date. If a new version is out, it will automatically download the latest version and restart the container and delete the old container version. I know its not the best idea, but its only cause a break 1 time with 1 container in the couple years I've run this setup.
• Homepage Literally the homepage for all my services. I've tried a lot of different ones and Homepage is easily the best. Simple, but powerful to configure.

Keen eyes may have noticed the lack of backup software. I'll get around to that, eventually.

I know quite a controversial and opinionated question, one that might easily get blasted with downvotes on a site like StackOverflow or even Reddit! Nevertheless, one which I believe is still relevant to ask and useful one even in 2023.

The problem with backend web technologies is that we are overwhelmed with choices. Whilst getting spoilt with choices seems like a useful thing sometimes, it might easily be an impediment in decision making too. Based on my experience, there are a bunch of useful stacks and I will work on any of them if you pay me to work as a freelance coder. Each has its own pros and cons but I'm yet to find the ideal one which according to me is something that should be easy to code and deploy while also better performing at the same time.

• ASP.NET: C# is the language I started coding web apps with in my last company and ASP.NET web forms was quite the rage back then. PHP was also gaining traction in the open source world and the webdev was mostly divided between the Enterprisey .NET aristocrats of Microsoft world and the poor PHP peasants of the FOSS world! One good thing about ASP.NET was performance. Since MS controlled the whole stack, they also put great efforts at making it work faster. The bad thing, of course, was dependence on a closed tech stack and a closed black box that generated JS functionality on its own.
• PHP: When I resigned from that company and started freelancing, I came to know about open source, linux, XAMPP, etc. That was when I realized that my own attitudes and thinking was more attuned to the FOSS peasant mindset than the wealthy aristocrat's! I didn't earn quite as much in freelancing with WP, Drupal, SuiteCRM, CodeIgniter, etc. but I found great happiness and contentment in being part of the open source process. Till date, PHP remains my favorite language for backend development and most of my web projects involve CodeIgniter or even pure PHP.
• Python: Flask is what got me interested in Python web development. The sheer minimalism and flexibility of that framework is what I found quite remarkable and quite a rarity in the frameworks world. And jinja2 template system was just fantastic. The other framework called django is more popular I think and I've worked on that too but Flask still remains my favorite. Flask is good in performance dept. too but I think it gets tricky once you start scaling with too many users.
• Java: I've never really bothered with Java web development except a few tutorial experiments on the Apache TomEE server. The multi-layered approach that Java takes not only has very steep learning curve but unless you're a very gifted programmer, it's practically impossible to beat the performance of interpreted PHP/Flask!
• NodeJS: Again, not much work here except brief hobby projects like http-live-simulator. The npm packaging system really turned me off initially with so many packages and issues with that system in the earlier days. Nowadays, I've heard that it's much usable but I've never gotten into it.

And now, we also have the evolving languages like Golang, Rust, etc. taking their baby steps towards web development too! Are any of them worth giving a try? If someone were to ask you for a backend tech stack recommendation while giving equal weightage to performance, developer productivity and ease of deployment, which one will you suggest?

A common theme in web development, and the crux of the so-called "Web 2.0" is scrolling through dynamic lists of content. Tildes is such an example: you can scroll through about 50 topics on the front page before you reach a "next" button if you want to keep looking.

There's a certain beauty in the simplicity of the next/previous page. When done right it's fast, it's easy, and fits neatly into a server-side rendered model. However, it does cause that small bit of friction where you need to hit the next button to go forward -- taking you out of the "flow", so-to-speak. It's slick, but it could be slicker. Perhaps more importantly, it's an interesting problem to solve.

A step up from the next/previous button is to load the next page of content when you reach the end of the list, inserting it below. If the load is pretty fast, this will hardly interrupt your flow at all! The ever-so-popular reddit enhancement suite does precisely that for reddit: instead of a next button, when you reach the bottom, the next page of items simply plops into place. If the loading isn't fast enough, perhaps instead of loading when they reach the last item, you might choose to load when they hit the fifth from last item, etc.

To try to keep this post more concrete, and more helpful, here's how this type of pagination would work in practice, in typescript and using the Intersection Observer API but otherwise framework agnostic:

/**
 * Allows the user to scroll forever through the given list by calling the given loadMore()
 * function whenever the bottom element (by default) becomes visible. This assumes that
 * loadMore is the only thing that modifies the list, and that the list is done being modified
 * once the promise returned from loadMore resolves
 *
 * @param list The element which contains the individual items
 * @param loadMore A function which can be called to insert more items into the list. Can return
 *   a rejected promise to indicate that there are no more items to load
 * @param triggerLoadAt The index of the child in the list which triggers the load. Negative numbers
 *   are interpreted as offsets from the end of the list. 
 */
function handlePagination(list: Element, loadMore: () => Promise<void>, triggerLoadAt: number = -1) {
    manageIntersection();
    return;

    function handleIntersection(ele: Element, handler: () => void): () => void {
        let active = true;
        const observer = new IntersectionObserver((entries) => {
            if (active && entries[0].isIntersecting) {
                handler()
            }
        }, { root: null, threshold: 0.5 });
        observer.observe(ele);
        return () => {
            if (active) {
                active = false;
                observer.disconnect();
            }
        }
    }

    function manageIntersection() {
        const index = triggerLoadAt < 0 ? list.children.length + triggerLoadAt : triggerLoadAt;
        if (index < 0 || index >= list.children.length) {
            throw new Error(`index=${index} is not valid for a list of ${list.children.length} items`);
        }

        const child = list.children[index];
        const removeIntersectionHandler = handleIntersection(child, () => {
            removeIntersectionHandler();
            loadMore().then(() => {
                manageIntersection();
            }).catch((e) => {});
        });
    }
}

If you're sane, this probably suffices for you. However, there is still one problem: as you scroll,
the number of elements on the DOM get longer and longer. This means they necessarily take up
some amount of memory, and browsers probably have to do some amount of work to keep
track of them. Thus, in theory, if you were to scroll long enough, the page would get slower and
slower! How long "long enough" is would depend mostly on how complicated each item is: if each one
is a unique 20k element svg, it'll get slow pretty quickly.

The trick to avoid this, and to get a constant overhead, is that when adding new items below, remove the same number of items above! Of course, if the user scrolls back up they'll be expecting those items to be there, but no worries, the handlePagination from before works just as well for loading items before the first item.

However, this simple change is where a key problem arises: inserting elements below doesn't cause any layout shift, but inserting an item above ought to--right?

The answer is: it depends on the browser! Back in 2017 chrome realized that it's often convenient to be able to insert items into the dom above the viewport, and implemented scroll anchoring, which basically ensures that if you insert an item 50px tall above the viewport, then scroll 50px down so that there's no visual layout shift. Firefox followed suite in 2019, and edge got support in 2020. But alas, safari both on mac and ios does not support scroll anchoring (though they expressed interest in it since 2017)

Now, there's two responses to this:

• Surely Safari support is coming soon, they've posted on that bug as recently as April! Just use simpler pagination for now
• Pshhhh, just implement scroll anchoring ourself!

Of course, I've gone and done #2, and it almost perfectly works. Here's the idea:

• Right before loadMore, find the first item in the list which is inside the viewport. This is the item whose position we don't want to move. Use getBoundingClientRect to find it's top position.
• Perform the DOM manipulation as desired
• Use getBoundingClientRect again to find the new top of that item.
• Insert (or remove) the appropriate amount of blank space at the top of the list to offset the change in client rect (note that if there's scroll anchoring support in the browser this should always be zero, which means this effectively works as progressive enhancement)

Now, the function to do this is a tad too long for this post. I implemented it in React, however, and combined it with some stronger preloading object (we don't need all the items we've fetched from the API on the DOM, so we can use before, onTheDom, after lists to avoid getting a bunch of api requests just from scrolling down and up within the same small number of items).

What's interesting is that it still works perfectly on chrome even with scroll-anchoring disabled (via overflow-anchor: none), but on Safari there is still, sometimes, 1 frame where it renders the wrong scroll position before immediately adjusting. Because I implemented it in react, however, my current hypothesis is I have a mistake somewhere which causes the javascript to yield to the renderer before all the manipulations are done, and it only shows up on Safari because of the generally higher framerates there

If it's interesting to people, I could extract the infinite list component outside of this project: I certainly like it, and in my case I do expect people to want to quickly scroll through hundreds to thousands of items, so the lighter DOM feels worth it (though perhaps it wouldn't if I had known, when starting, how painful getting it to work on Safari would be!).

What do you think of this type of "true" infinite scrolling for web? Good thing, neutral thing, bad thing? Would you use it, if the component were available? Would you remove it, if you saw someone doing this? Are there other questions about how this was accomplished? Is this an appropriate post for Tildes?