acdha

@acdha@code4lib.social

Software developer at a big library

(Note: if you followed @acdha this account is more related to my work interests and https://thepit.social/@acdha is more personal)

spaf, to random
@spaf@mstdn.social avatar

Did you get yours?

It was announced today at RSAC that "Cybersecurity Myths and Misconceptions" has been added to the Cybersecurity Canon Hall of Fame.

1/2

The announcement noted

acdha,
@acdha@code4lib.social avatar

@spaf congratulations!

shac, to random
@shac@ioc.exchange avatar

Assertion: it is more difficult to review and fix LLM-generated code than it is to write the code correctly yourself. Using AI to generate code is transferring the intelligence of coding from writing to reviewing.

acdha,
@acdha@code4lib.social avatar

@shac I think this also explains why there’s a wide range in reported benefits: an experienced developer who’s used to handing a lot of implementation over has already internalized many of the skills needed to write a better spec & good approaches for testing.

evan, (edited ) to random
@evan@cosocial.ca avatar

Which major change would a time traveler from 1974 notice most about cities today?

#EvanPoll #poll

acdha, (edited )
@acdha@code4lib.social avatar

@evan everyone is driving huge vehicles which look like they’re going on a 2 month safari even if they’re just going a mile for coffee

acdha, to random
@acdha@code4lib.social avatar

“Perhaps more than any other part of the tech industry, crypto relies on storytelling. This is because the underlying technology, as it exists today, doesn’t have much to offer the average person in their day-to-day life. Instead, entrepreneurs conjure visions of what the tech might look like tomorrow”
https://www.bloomberg.com/news/features/2024-05-02/crypto-is-anything-but-strong-right-now

acdha, to random
@acdha@code4lib.social avatar

“Those aged 65 in 2010 may receive $333 billion more in benefits than they pay in taxes (see chart), an obligation 17 times larger than that likely to be left by those aged 25.”

https://www.economist.com/finance-and-economics/2012/09/29/sponging-boomers

afeinman, to UX
@afeinman@wandering.shop avatar

I cannot communicate how much I hate the "long press--to do things" interface pattern.

What does it do? No idea; every control is different.

Is it discoverable? Only in the way the corner of a coffee table is discoverable by your shin.

Is it accessible to folks with motor control issues, or who use screen readers? Also no.

Gah.

acdha,
@acdha@code4lib.social avatar

@afeinman @danielbowen they’re especially bad due to other UI trends like removing control styling. Right-clicks were similar: we used to have widespread standards for indicating controls & people would try right-clicks more, keyboards had dedicated buttons, etc. but now a lot of people never got in the habit of trying because it usually does nothing. I just don’t see the minimalist UI folks admitting that they went too far, but maybe something like Apple’s de-Ives-ing could happen.

ebooksyearn, to random
@ebooksyearn@thepit.social avatar

Trying dinner from a new spot in our neighborhood

acdha,
@acdha@code4lib.social avatar

@ebooksyearn I was just about to ask!

acdha, to random
@acdha@code4lib.social avatar
acdha,
@acdha@code4lib.social avatar

@nikkid I had forgotten about that “Iliad flow”!

acdha, to random
@acdha@code4lib.social avatar

brb, putting “software quality guru” on my LinkedIn…

mistersql, to random
@mistersql@mastodon.social avatar

Aider? Devika? Github Pilot Workspaces? Nah.

I had the idea of a team of LLM bots and I'd teach them all the important parts of software development:

  • backstabbing
  • shirking work
  • romantic liaisons
  • attempting to work for two employers (selling the same hour twice)
  • sabotaging teams with similar projects & overlapping features
  • PMs killing a feature just to feel alive
acdha,
@acdha@code4lib.social avatar

@mistersql hmmm, could we use LLMs to do the process-as-product and work shirking?

ErikJonker, to ai
@ErikJonker@mastodon.social avatar

Of course results need to be verified and confirmed in practice but after reading the MedGemini paper from Google there is no doubt in my mind AI will change the world of medicines. Not replacing people but augmenting them during diagnosis, operations and treatment of patients.
https://arxiv.org/abs/2404.18416

acdha,
@acdha@code4lib.social avatar

@kellogh @ErikJonker I think augmentation is going to be huge but it feels like we need something like laws or a physicians’ professional standards group to provide back-pressure against financial pressure to limit or rush human review. It’s too easy to imagine an insurance company trying to make the patients-per-doctor ratio even worse because the ML system is “usually” right, etc.

acdha,
@acdha@code4lib.social avatar

@kellogh @ErikJonker Doctors and lawyers are paid better than average but there seems to be a generational gap growing – younger doctors are increasingly employees of huge businesses with far less autonomy:

https://www.ama-assn.org/practice-management/private-practices/generational-trends-underlie-doctors-move-private-practice

Edent, (edited ) to random
@Edent@mastodon.social avatar

You receive a call on your phone.
The caller says they're from your bank and they're calling about a suspected fraud.

"Oh yeah," you think. Obvious scam, right?

The caller says "I'll send you an in-app notification to prove I'm calling from your bank."

Your phone buzzes. You tap the notification. This is what you see.

Still think it is a scam?
1/3

acdha,
@acdha@code4lib.social avatar

@philip @Edent I would bet a lot of people would see a different number and just assume their IT department messed up, since there’s rarely a shortage of prior support for that. That goes double if the scammer successfully gets the person into a panic state first.

acdha,
@acdha@code4lib.social avatar

@philip @Edent yes - it’s a brutally hard problem because banks have to assume some customers will have lost phones/ID, be confused, etc. and the fraud industry is large enough to have decent IT, training, etc.

I think expecting the phone companies to do more is the future. I’d bet a lot of people would use an international/VoIP block and they could set up a system where you can’t reset passwords, transfer, change your address, etc. except by starting the call in their app.

acdha,
@acdha@code4lib.social avatar

@dolmen @philip @Edent not in the background, no, but what if the OS mediated it so it got a system confirmation dialog each time or had an API effectively allowing it to ask if your call was to a set of numbers?

One problem is that this will probably lead to even more efforts targeting landline users, who trend older.

owen, to random
@owen@mastodon.transneptune.net avatar

Direnv has been a great help for me in getting out of the habit of storing creds in dotfiles. I wrote up some patterns I've found useful: https://grimoire.ca/code/direnv-patterns/

acdha,
@acdha@code4lib.social avatar

@owen @mhoye re: your last point, if you’re on a Mac and don’t use 1Password, I highly recommend using “security find-internet-password” in .envrc files so you have perfect sync between what direnv does and what your other tools do.

The Python keyring library is an excellent option there, too, because it’s cross platform, has a CLI for e.g. direnv, and you can integrate it in Python utilities directly for more control.

acdha,
@acdha@code4lib.social avatar

@owen I kept meaning to use Vault and then…

danluu, (edited ) to random
@danluu@mastodon.social avatar

Naive question: why do React apps in the real world tend to be slow?

I tried doing a React tutorial and the result was quite fast (w.r.t. latency & CPU utilization on low-end devices) until the tutorial has you replace "manual" / "low-level" react calls with commonly used libraries, e.g., using TanStack Query instead of useEffect plus a manually instantiated cache.

Is the main issue that libraries tend to be big and slow or is there another major cause of React app slowness?

acdha,
@acdha@code4lib.social avatar

@danluu little culture around profiling (especially memory usage) paired with culture of massive dependency trees.

I’ve had people just panic when you ask them how to get an app under, say, 4MB of code to display a search form because they’re mostly working on the top of a huge jenga tower and praying that webpack can work a miracle.

acdha,
@acdha@code4lib.social avatar

@danluu I also think the web front end world has some lingering trauma from the IE6 era where people assume browsers are terrible and they need to deploy tons of code to work around it. That’s not specific to React but it was designed for that era and I see an increasing number of front end developers who barely learned CSS or many browser APIs because they learned everything as “add another NPM module”, which is tragicomic given how much browser APIs matured over the last decade or so.

josh, to random
@josh@joshdata.me avatar

Googlers getting fired for protesting cloud contracts are self righteous SOBs. Who did you think you were working for?? What did you think you were developing??

acdha,
@acdha@code4lib.social avatar

@josh I would hope that a whole lot of people are reconsidering how much privilege they really have – a ton of techies think they're on the same side as their CEO because they're paid 3-10x the median income and haven't really thought about how little that closes the vast chasm between them and the people they look up to.

acdha, to random
@acdha@code4lib.social avatar

“The good news is that the web isn't actually dead dead, just mostly dead.

And mostly dead, as we all know, is partly alive.”

https://sheep.horse/2024/4/save_the_web_by_being_nice.html

acdha, to random
@acdha@code4lib.social avatar

If you know an educator who works with or visually impaired kids, this LEGO Bricks Kit offer may be of interest:

https://www.aph.org/lego-braille-bricks-kit-request-form/

acdha, to random
@acdha@code4lib.social avatar

If you thought it was bad how often backups aren't tested, it gets worse:

“If all those misconfigured systems were attempting to back up their data into my S3 bucket, why not just let them do so? I opened my bucket for public writes and collected over 10GB of data within less than 30 seconds. Of course, I can’t disclose whose data it was. But it left me amazed at how an innocent configuration oversight could lead to a dangerous data leak!”

https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1

waldoj, to random
@waldoj@mastodon.social avatar

I think the new government windmill I should tilt at is outsourcing project management organizations (PMOs) for tech projects.

Agencies will do anything to avoid actually having any control or oversight over their most important work. Hired a vendor for $100 million to overhaul mission-critical software? Might as well hire another vendor for $20 million to manage the project. Who in government has the job of actually making sure that $120 million is well spent? Nobody!

acdha,
@acdha@code4lib.social avatar

@sboots @waldoj that’s a characteristically good piece. Bookmarked.
