Maybe you shouldn't install new software for a bit

Posted by psxuaw 17 hours ago

Maybe you shouldn't install new software for a bit(xeiaso.net)

709 points | 378 commentspage 6

ptrl600 7 hours ago|

What if it's a really good bit?

jauntywundrkind 15 hours ago||

I do a bit wonder what happens as standard practice becomes to lag more and more and more. Who is there left that's looking, that'd finding out?

ayuhito 15 hours ago||

I think there’s already a big market of supply chain security companies that are proactively scanning dependencies for this sort of thing.

They’re always racing to be the first one to write an article about a case.

cybercatgurrl 15 hours ago||

you raise a really good point. if everyone is doing this at exactly the same lag then it will eventually start hitting groups in sync at the exact same time

jbrooks84 15 hours ago||

100% doing this, sadly

grayhatter 9 hours ago||

I dislike FUD like this :/

cookiengineer 16 hours ago||

Fun fact: You still can't build the vllm container with updated dependencies since llmlite got pwned. Either due to regression bugs, or due to impossible transient dependencies in the dependency tree that are not resolvable. There is just too much slopcode down the line, and too many dependencies relying on pinned outdated (and unpublished) dependencies.

I switched to llama.cpp because of that.

To me it feels more and more that the slopcode world is the opposite philosophy of reproducible builds. It's like the anti methodology of how to work in that regard.

Before, everyone was publishing breaking changes in subminor packages because nobody adhered to any API versioning system standards. Now it's every commit that can break things. That is not an improvement.

2ndorderthought 16 hours ago||

Write only code is such a bad bad idea. No one is reviewing 20k loc PRS with 15 new dependencies in an afternoon. Sorry it's just not happening I don't care how many years you have been a software engineer. Yet that's the new thing and how we all are supposed to work or else we are all Luddites.

perching_aix 15 hours ago||

I'm personally waiting to be downgraded to simply being called "lazy".

When I see pages of obviously generated prose being submitted as any kind of documentation, my eyes just glaze over. I feel so guilty sharing similar stuff too, though to my credit, at least I always lead with a self-written TLDR, the slop is just for reference. But it's so bad, like genuinely distressing tier. I don't want to read all that junk, and more and more gets produced.

Prose type docs have always been my Achilles heel, and this is like the worst possible evolution of that.

For a brief period in the past few weeks, they somehow managed to make a change to ChatGPT Thinking that made it succint. The tone was super fact oriented too. It was honestly like waking up from a fever dream.

cybercatgurrl 14 hours ago||

slopcode is a pejorative that means nothing to me. if you have an actual criticism to make, then do it

ElenaDaibunny 6 hours ago||

[dead]

assanineass 3 hours ago||

[dead]

liamwei 11 hours ago||

[flagged]

royaldependent 8 hours ago||

[dead]

Luker88 7 hours ago|

Dammit, this is why nobody uses NixOS. Nothing works on it!

The copyFail didn't, the dirtyfrag doesn't.

This copfail2 does modify /etc/passwd, but I can't `su - sick` as expected.

Luker88 7 hours ago|

sligtly unrelated, but the portable way to execute stuff is via `/usr/bin/env`, not `/bin/bash`.

I did try fixing the path to use nixos paths, but it was still unsuccessful. Did not really check further.

More comments...