Top
Best
New

Posted by Ygg2 5 hours ago

Goodbye, and Thanks for All the Bikesheds(queue.acm.org)
166 points | 174 comments
hinkley 2 hours ago|
A bit of an aside, but after someone introduced me to the notion of Reversible Decisions, it quickly became apparent to me that the solution to the bikeshed problem is to throw money at it before the roosters can start preening about which color the shed should be.

Decisions that are reversible should just go with the instinctive answer of whoever volunteers to work on it.

I've been in many meeting rooms where, because of the number and caliber of people in the room, we've blown $5000 worth of combined salary arguing about basically nothing. I've been in a few where that number was well over $10k.

If you're going to assign a relatively medium talent engineer to solve a problem, it's cheaper to let them solve it twice, maybe even three times, than it is to try to figure out what the right solution is before touching a keyboard. It helps them grow to give them that autonomy, and more importantly training your team out of reflexively reaching for optimization for every single feature saves gobs of money over time.

The interface for a piece of code matters to everyone. The internal implementation details mostly matter to the bus number on that code. If they're happy with it, that matters a lot. That can be overridden by the consequences of that design, but I've seen a couple cases where the bus number for a module wanted a solution with fewer consequences but the group wisdom wanted something flashier but also more brittle.

pinkmuffinere 1 hour ago||
+1! I've fallen in love with many of Amazon's in-group concepts, and maybe I'm just drinking the koolaide, but they have the concept of a "two-way door", which is exactly this -- a decision that can be made, unmade, remade, etc relatively cheaply. If you can identify that a choice isn't very dangerous, you can focus on the things that really are instead.
shepherdjerred 11 minutes ago||
Amazon's leadership principles are fantastic. They are applicable to anyone doing any job at any level.
busterarm 1 hour ago||
This often massively discounts the cost of reversing decisions. People often work to build things without any thought given to those who have to maintain it afterwards. Especially when it's not them.

I worked at a large, publicly-traded multinational where decades prior and they were still just a 4 man startup they decided the database server and all timestamps should be in the local timezone.

They are still using EST today even when they have global sharding of their customers/databases between US, EU, LATAM, SEA...

--- you're also assuming that the product roadmap will afford your engineers any time to build it the second, third, fourth, etc. time.

xg15 5 minutes ago|||
There seems to be some general pattern here that you can find pretty often in "dev war stories" contexts:

(1) We're a small startup/new product team/etc, let's just build the MVP and keep everything simple!

(2) Now we're not small anymore and suddenly have all kinds of nonfunctional requirements we never imagined before! But our simple architecture from before is making everything a pain now!

The natural instinct is then to compromise on the "simpleness" of the first prototype and already try to anticipate all the scaling and nonfunctional requirements that might come later - but that rarely seems to work, as you can't really how (and if) the project will grow.

Seems to me, the real question here is why those teams are still using the "MVP" code even after being well inside the "scale up" phase. Shouldn't this be the point where you gradually migrate to a codebase that is more manageable at scale?

hinkley 35 minutes ago|||
When you first introduce the idea you'll find a bunch of people think decisions are Reversible which are not, as you say. And the flip side of Reversible decisions is the Last Responsible Moment, which runs afoul of Hofstadter's Law, and people wait until halfway past the last responsible moment.

The key to reversing a decision is getting over Sunk Cost, to start thinking of some code as scaffolding. Scaffolding allows you to get on to other work and then remove it after, because it's either not needed or the 'real' solution has been installed. People get defensive when you propose to rip out their code. Hey that code made us $250k at a time when we were about to miss payroll. Yes. It did. Thank you for your service. But now it's costing us $30k a month and that shit needs to go.

Getting people to figure out that if a decision is important, making it later is actually the sane thing to do, is a challenge. Because many people's intuition is that we should put energy into this now while it's fresh and we have abundant energy. We can 'solve' it and not have it dangling over our heads. But we don't know the right answer yet. We don't know the strength of our tools or the expertise of our coworkers.

The product roadmap is now and has ever been complete bullshit. Refactoring teaches that you amortize rework across all new stories. That's just how it goes.

(And everything should be in GMT unless you can literally point me to a several hundred page treatise on why another time zone is the correct one. Yeah I've worked west coast places that got bought by NY or Chicago companies and it's a clusterfuck if you both didn't use GMT)

busterarm 9 minutes ago||
Don't get me wrong, I'm a fan of the idea. I pretty much follow a lot of what you're saying without giving it names. I'm just used to people giving lip service to certain ideas as an excuse to move with less friction in their org and end up doing long-term organizational damage.

Thank you for the added detail.

> The product roadmap is now and has ever been complete bullshit. Refactoring teaches that you amortize rework across all new stories. That's just how it goes.

Also agree, but teams use sprints and "the roadmap" as a way to say no to fixing bottlenecks they've created for other teams and don't want to take the time and effort to resolve.

throw0101a 3 hours ago||
For those unaware, PHK created (amongst other things) the MD5crypt password hashing algorithm ($1$…). It came before bcrypt (1999), scrypt (2009), SHA2crypt (2016), etc, and was committed in 1994:

* https://svnweb.freebsd.org/base/head/lib/libcrypt/crypt.c?re...

* https://github.com/freebsd/freebsd-src/commit/3b2b7f71deba2a...

* https://phk.freebsd.dk/sagas/md5crypt/

* https://en.wikipedia.org/wiki/Poul-Henning_Kamp

lysace 2 hours ago||
To clarify: not MD5 itself. It was created in 1991 by Ron Rivest. (It is my experience that knowledge of these things isn't as widely distributed as one might hope.)

I first came across it in 1995/1996: Wow, what a magical tool for backend web stuff! I used it for everything.

vanderZwan 2 hours ago||
Wait, is that the same guy who co-authorer the Floyd-Rivest Algorithm? Hmm, looks like it[0]. Huh, neat.

[0] https://en.wikipedia.org/wiki/Floyd%E2%80%93Rivest_algorithm

hinkley 2 hours ago||
Also the same Rivest as Cormen, Leiserson and Rivest (that Stein dude was after my time), and the R in RSA.
bothers 3 hours ago||
Okay.

What qualifications does phk have that are relevant to the current subject?

andix 4 hours ago||
I don't think age restriction will impact FOSS in the long term. If there are some regulations that threaten FOSS now, they are going to be adopted in the long term.

Regulations for age restriction are understandable. A lot of modern technology is harming kids (and I don't mean dirty videos, social media seems to be much more harmful).

A sensible regulator would leave some responsibility to the parents, but require restrictions for consumer devices (smartphones, laptops). Maybe even enable age restrictions by default, block replacing the OS or the firmware, and only allow it once the age was confirmed.

I don't see a point of including all kind of OS or software into this regulation. Just the ones that are preinstalled on consumer devices, and commercially distributed to consumers. Once the age of the user was confirmed, the devices should be able to become as open as we know them now.

saghm 4 hours ago||
I strongly disagree. There are no kids in my household, and no one else ever uses my devices, so the idea that I need to prove that I'm not a kid for me to be able to pay bills or file taxes on a stock device is ridiculous.
armchairhacker 3 hours ago|||
"Age restriction" can be implemented where stock devices are completely unrestricted. For example, just with better parental controls and education: children don't have access to property, so the parent takes their device and enables the parental controls, but you own your device so leave them disabled.

And this wouldn't affect Linux or FOSS: on a child's device their parent installs either a proprietary OS or a FOSS with parental controls, but again, on your device you install whatever you want.

saghm 2 hours ago|||
That's not what the comment I responded to was proposing:

> Maybe even enable age restrictions by default, block replacing the OS or the firmware, and only allow it once the age was confirmed.

Having an extra hurdle before installing Linux would be an awful secondary effect for this type of regulation independent of whether the check itself is already objectionable (which I always obviously think it is, although obviously plenty of people also don't)

delusional 3 hours ago||||
Is anyone proposing age verification to file taxes? I'd hope you already have to provide some sort of stronger proof of identity to file a tax return anyway.
saghm 3 hours ago||
That's exactly my point; websites that already have absolutely no threat from having kids access them are literally unavailable due to the operating system put up a block that isn't necessary due to a hypothetical kid using the device to access an entirely different hypothetical website. The regulation is absurdly overbroad for what it's trying to actual protect against.
delusional 3 hours ago||
I don't know what regulation you're talking about. Nothing of the sort is being proposed in the part of the world PHK occupies.
saghm 3 hours ago||
The comment I was responding to said this:

> A sensible regulator would leave some responsibility to the parents, but require restrictions for consumer devices (smartphones, laptops). Maybe even enable age restrictions by default, block replacing the OS or the firmware, and only allow it once the age was confirmed.

If you think that this statement is too broad for this thread, I don't understand why you only have issue with my direct response to it. It seems like your issue is with the parent comment I replied to for not being on-topic enough.

dash2 4 hours ago|||
I don't understand the force of that argument. Where is the "so" coming from?
saghm 3 hours ago||
I don't understand what's hard to understand. Regulation that affects people and devices that have no risk of being used for the purported thing that's supposed to be protected against is not well-scoped.
dash2 3 hours ago||
Obviously if the government knew that you had no kids, they wouldn't need to check it. How do you propose they find out, without asking you to prove it?
saghm 2 hours ago||
> How do you propose they find out, without asking you to prove it?

How do I propose the government know if I have kids? I'm pretty sure they already know that I don't?

logifail 4 hours ago|||
> A sensible regulator would leave some responsibility to the parents

(Speaking as a parent of three) why can't we just leave all responsibility to the parents? In our experience in the offline world it seems this applies!

I speak as someone who's taken each of my three children - for two of them, multiple times - to the emergency room to be treated for broken bones incurred in the course of Real Life[tm].

Yes, they play contact sports.

Yes, we use Family Link with pretty restrictive settings.

Despite the series of broken bones, I'm still in favour of kids playing sports and still dubious about the effect of screen time on young minds...

II2II 2 hours ago|||
> (Speaking as a parent of three) why can't we just leave all responsibility to the parents?

Then I'm sure that you appreciate that there are both legal and informal checks in place ensuring that you can take responsibility for your children in the offline world. For example: I would be surprised if your children were able to play organized sports without your permission. Failing to ask for permission would deny you the responsibility of protecting your child as you see fit.

mejutoco 4 hours ago||||
Even in the offline world that is not the case. Ex. Alkohol sales
saghm 4 hours ago|||
You don't need to show your ID to go into the store and buy something else though, so why would this provide any sort of precedent for "you can't use the internet for literally anything on this device without proving your age"?
mejutoco 2 hours ago||
I was responding to this quote only

> why can't we just leave all responsibility to the parents? In our experience in the offline world it seems this applies!

gbear605 4 hours ago||||
In many areas, this is left up to the parents - minors can't buy alcohol at stores, but parents are legally allowed to give alcohol to their children to drink.
WD-42 4 hours ago|||
You could always sign your kid into tik tok to avoid age restrictions if you want. Same thing
manquer 3 hours ago||
I think the distinction the comment is drawing is about the legality of it not the practical feasibility .

It would be illegal under the currently proposed /implemented laws and also open up social media to liability, which wouldn’t be true for other products like Alcohol or fire arms that require minimum age to buy but not give to children

BoorishBears 4 hours ago|||
So we don't leave it all up to the parents: parents can give it, but minors also can't buy it regardless of parental views.

Also give it to your kids too often and the state can step in.

Defense in depth

armchairhacker 3 hours ago||||
An analogous good implementation of age restriction is that one must show their ID to buy an unrestricted device if they look too young.

They can't be tracked, as long as the devices are in randomly sorted identical boxes. Of course someone can buy a device and give it to a kid, but that's already possible with alcohol (and legal if it's their kid).

logifail 3 hours ago|||
> Even in the offline world that is not the case. Ex. Alkohol sales

I bought a beer yesterday and shared it with our 16 year-old, and I shared some wine with him this evening.

How does that not come under "parental responsibility"?

Barrin92 3 hours ago|||
>why can't we just leave all responsibility to the parents?

because we don't live in a 15th century peasant village. The average adult reads at a 7th grade level, 20% of adults are considered functionally illiterate, most adults can't navigate digital spaces, privacy and social media themselves or take on trillion dollar companies.

This also hasn't applied in the offline world since idk, Kant and Hegel, every modern state recognizes that children are persons and citizens in development, not private possessions. If your children have broken bones you can't explain or your parenting is considered to threaten the welfare of your child you can be pretty sure you'll have the authorities at your door quickly, and countries like France have given children the right to sue their parents in case they breach their digital privacy. So called 'sharenting' laws exist because it's not guaranteed that parents are even respecting the privacy of their own children.

logifail 3 hours ago|||
> If your children have broken bones you can't explain [..]

I don't mean to be combative about this but

1) do you have children and 2) if yes, how many times have you taken your child to hospital with a broken bone

I have (unfortunately) got a certain amount of experience with this, and I'm not sure it works the way the uninitiated may think it does.

Barrin92 2 hours ago||
>1) do you have children and 2) if yes, how many times have you taken your child to hospital with a broken bone

yes one and never but it's not clear to me what our personal life has to do with the legal fact that the welfare of our children is in fact not solely in our hands and is subject to limits we can run foul of

Exoristos 1 hour ago|||
Your sharents don't love you like your parents do.
zug_zug 3 hours ago|||
> A lot of modern technology is harming kids (and I don't mean dirty videos, social media seems to be much more harmful).

If that's all we want then that's trivial -- just make certain phones that don't have access to social media, or have whatever limitations enforced. And kids only get those phones. I don't think anybody's addicted to desktop social media.

This gets us the privacy and the protection at once.

inigyou 2 hours ago||
That's how the California act works, but we lumped it under "age verification" anyway. If you have to select whether the device is for someone over or under 18 in a drop-down menu, apparently that's "age verification"
pornel 2 hours ago|||
I think legislation could quite sensibly require OSes and browsers to have easy to enable well-integrated parental controls (which mostly already exists). Browsers could voluntarily send "I'm a child" flag, if you want to make it every website's problem.

But the current legislation is stupid. Treating toddlers like hackers, and forcing every website to deanonymize users. It is so backwards, that it's hard to believe it's not done on purpose as the first step to ban anonymity and strictly control all online access. In the UK of course they're already talking about having a VPN ban, because the hacker toddlers are learning how to mask their IP addresses.

skybrian 3 hours ago|||
I think a reasonable way to divide up responsibilities would be identify child-locked devices, not people. It should be trivial for a website to identify a device with a child lock turned on. Then it's up to parents to make sure their kids get a child-locked device. Manufacturers can make it easy to turn on, and society can help by not selling devices to kids without a child lock turned on.

It won't work against a determined teen (too many unlocked devices out there), but it doesn't have to work perfectly to change the culture that most kids have to deal with.

inigyou 2 hours ago|||
This is part of the very sensible Digital Age Assurance Act that is currently the law in California. It prohibits facial recognition, but requires each device to have a child lock. FOSS can implement this no problem.
close04 2 hours ago|||
What disconnects this discussion from reality, and maybe causes questions like “why don’t they just do it this way”, is the assumption that this is really only or even mainly about age verification and “protecting the children”.

The reason it’s not done “this way” or “that way” even when those are objectively better ways to achieve the stated goal, but rather in an unexplainable way broader way is because the goal is broader that that and age verification is just the tip of the spear. The rest of it is laying the groundwork for a framework to control the freedom on the internet by linking identity to speech and action.

Look at what solution is implemented to decide what problem is it supposed to fix, otherwise you’re just looking at the smoke and mirrors.

Not that every state and country is on board with this, but it’s getting a lot harder to maintain the pressure to keep these initiatives down. Every time they get pushed one step forward it’s that much harder to regain that ground.

skybrian 1 hour ago||
How do you know that's the ulterior motive? Anything more than vibes?

There are a lot of different people in different countries pushing for age verification and I imagine they wouldn't all have the same motives.

leftyspook 3 hours ago|||
The sensible regulation would be aiming at socially harmful features of tech, not forcing people to provide proof of identity to a third party in order to continue harming themselves with the same exact features.

Imagine if such an approach was taken to, for example, food safety? Instead of closing down a restaurant that has poor hygiene, you'd be instead horce the restaurant to hire a private security contractor to check people's IDs to verify that they are old enough to consent to getting a foodborne illness. That's an absurd approach.

andix 18 minutes ago|||
Sadly a lot of tech is potentially harmful for kids. And also adults, but they should be able to handle it better.

But it extends to many other common items. Kitchen knifes, cars, lawn mowers, ...

fragmede 20 minutes ago|||
Except we do that for venue that serve poison aka bars, so if you put it that way, it doesn't seem totally absurd.
tbrownaw 3 hours ago|||
> social media seems to be much more harmful

The stuff I've seen on this doesn't look terribly convincing. It seems to mostly be along the same lines as saying that since some people get bullied or hang out with a bad crowd, socializing in general is harmful.

imhoguy 1 hour ago|||
It is already happening. E.g. soon F-Droid and any unattested open source Android app distribution will be gone, due in Sep 2026.

Same with GitHub and similar, we have CLAs for a while now for licensing. But I see project maintainers are frustrated with AI generated slop PRs and bad actor contributions. The ecosystem will be closing. You will be able to read code, but forget creating PR without some ID verification (because this is for kids or against terrorism).

andix 21 minutes ago||
> soon F-Droid and any unattested open source Android app distribution will be gone

This is not connected to age restrictions. It might've been used as an excuse.

ai_critic 4 hours ago||
First read of this pissed me off, but subsequent reads gave a much different opinion.

Do yourself a favor and read this, a few times, and take a moment to actually try and see what the author's getting at.

ball_of_lint 3 hours ago||
Oh it's so nuanced and hard to parse that he's arguing for compromise.

The trouble is, compromise isn't really a tenable option with encryption. Either you make a draconian law that forces all electronic devices to run approved software only, or people will have access to easy encrypted messaging. There's really no middle ground, because where the smallest weakening of encryption affects everyone's privacy, only outlawing encryption completely will get it out of the hands of criminals. The cat's out of the bag.

Author here and in earlier writing seems to make the argument that a little compromise would make the courts less unhappy, but I think that's misattributing motivation. These laws actually are originated by big tech, who think they will be shielded from liability and make more money off of selling your data. https://github.com/upper-up/meta-lobbying-and-other-findings

sfn42 3 hours ago||
> make a draconian law that forces all electronic devices to run approved software only

That would outlaw programming. It's just not feasible at all, anyone with any kind of tech literacy understands that encryption is here to stay. It's also necessary for the web to function at all for the things we use it for, such as banking.

There is no way to prevent people from communicating in secret. Even if they did strictly control digital communication people would just communicate some other way.

jubilanti 2 hours ago|||
I detest this writing style, where you assert arguments you don't actually believe in and know are in bad faith, in that sniveling "prove me wrong" tone, to provoke some kind of reaction.

Well, mission accomplished, reaction provoked. I'm not going to read this multiple times. I'm going to fire off this comment and remove it from my brain forever.

fragmede 16 minutes ago||
Not a fan of Cunningham's law, I see.

https://lawsofsoftwareengineering.com/laws/cunninghams-law/

dwedge 2 hours ago|||
I struggle with this because the author is lumping FOSS and "tech bros" together as taking the blame for what a handful of large corporations have done, and thinks that our punishment is what those large corps are lobbying for. It seems like an argument that this is a necessary evil to protect the kids - despite admitting that this is not the real reason for the laws - and then says that those of us who care about privacy are either very rare or "mythical".
bothers 1 hour ago||
>I struggle with this because the author is lumping FOSS and "tech bros" together

This is on purpose.

This is the intent.

delusional 4 hours ago||
And please remember that Poul-Henning is an old-hat and well respected in the field, he's also not a product of American culture. Consider that he might have some useful insight that covers some blindspots your particular culture might not.
bothers 2 hours ago|||
The relevant field is politics, not CS.
st3fan 4 hours ago||
"LLM-assisted code review won't be a huge disruptor" is quite the prediction. Because it already is in a very big way. The take on LLMs seems incredibly out of date and out of touch with reality. (Which of course, has moved/advanced very fast the past months/year)
layer8 3 hours ago||
He explains how he thinks it won’t be a disruptor:

> Just on that repeated experience, I suspect we have already seen more than half of the “worst software bugs found with LLM-tools” list.

On the other hand, it’s not clear to me how you think that it already is “in a very big way”.

ang_cire 1 hour ago||
Which is such a crazy assertion, given that not even Mythos was trained explicitly as an exploit finder. Even if the US's profit-driven capital for AI dev dries up, China's state funding for results-driven AI isn't drying up, and they're going to keep building better models as long as the results are there (which they are), for better or worse.
dgellow 3 hours ago|||
That’s not his prediction, he made it clear they are useful. His conclusion for that section is this:

> The only real question for me is: Are the LLM-code-review tools economically viable outside the bubble?

simianthoughts 3 hours ago||
So is he suggesting that in the future, models of Opus 4.8 tier will no longer be as affordable? Like it would become 3-5x more expensive?

Now that's quite a prediction.

dgellow 2 hours ago|||
I’m not exactly sure but I think he’s implying the AI labs aren’t profitable on inference? And that once the bubble pops those models won’t be available anymore? Just my assumptions
ai_fry_ur_brain 2 hours ago|||
[dead]
delusional 4 hours ago|||
Did you continue reading? His argument is exactly that, like all the previous model checkers, LLM's are going to give us some bugs for a while. Then that is going to stop.

His argument is not that they aren't going to find any bugs, but rather that at some point those bugs will be fixed. At which point we will continue on as usual.

ang_cire 1 hour ago|||
How would they stop? Are you insinuating they're going to have reviewed all code at some point, and that new code for them to review will just cease to exist? Or that they'll just decide to stop finding bugs they're finding now in new code when they review it? All the previous model checkers didn't stop giving us bugs to fix, which is why his premise is wrong; every big company is still running SonarQube because it still gives you bug findings. So will AI.

If the argument were instead that it will cease to find new classes of vulnerabilities and bugs, that may very well be true, because that is a question of the limitations of programming and at a lower level computer architecture, but that's not the argument the author made.

simianwords 3 hours ago||||
> At which point we will continue on as usual.

This part is the load bearing claim. Why would you continue on as usual? I'm using LLM's everyday on code reviews and they still catch bugs.

layer8 3 hours ago||
The question is whether the balance of white-hat and black-hat LLM bug findings gives us a different enough result from the previous balance of white-hat and black-hat human bug findings to constitute a major disruption.
simianwords 3 hours ago||
I don't understand your point. How do you make your future code resistant to bugs without LLMs?
layer8 3 hours ago||
That wasn’t the question. The question is how LLM code review is a huge disruptor. What is it disrupting? At best, with regard to code review LLMs just solve the problems that LLMs create.
refulgentis 3 hours ago|||
I did, his argument is that we've already discovered ~50% of all bugs discoverable by LLMs.

I'm treading lightly after you said "did you read it" to OP, I do believe we both understand that argument isn't nearly air-tight. (i.e. it implies either humans get so good at code that bug-introduction-rate falls percipitously, or, LLMs are so awesome they write all of our code bug-free. Neither of which jives with the thesis, that LLM code review is a nothingburger long term)

The best steelman we could say is "he meant 50% of all existing bugs in all currently existing code", which is still incompatible with a time-bound on their usefulness, unless we expect the rate of new code to fall percipitously.

The steelman I'm using, is they're speaking both loosely and strongly and intend us to understand these are strong opinions, held loosely, and they care for us enough to share.

readthenotes1 4 hours ago||
Maybe he's trying to prove the point of why he's ready to retire...
dzonga 2 hours ago||
I think the author is missing a layer of abstraction.

yeah - once regulators come into play - the private ecosystems take over. discord is already a precursor to this.

the era of mass public social networks will come to the end. next it will be just private networks of individuals. likely the won't interact.

how the dynamics play out - I don't know - but if you study history - you will know what behaviors will happen.

luciana1u 30 minutes ago||
we replaced our bikeshed with a JIRA board and now we paint tickets instead, somehow it's worse
r_lee 3 hours ago||
> my personal guess is that the opportunities for anonymity on the Internet will shrink until mothers no longer are forced to have “the talk” when their daughters get their first mobile phone. As the parent of a daughter, I am totally on board with that.

depends on the age but.. they've probably discovered all kinds of shit already or heard about it from others

listic 2 hours ago||
> until mothers no longer are forced to have “the talk” when their daughters get their first mobile phone

I fail do imagine what kind of world is he implying.

elric 3 hours ago|||
I don't think he was talking about "the birds and the bees"-talk, but about the "some random men will send you unsollicited dick pics just because you're a girl"-talk.
sfRattan 3 hours ago||
The attitute expressed in the quote, "until mothers no longer are forced to have 'the talk' when their daughters get their first mobile phone," is both wrong in its assumptions and dangerous for its well-known consequence: the enabling of petty tyranny. Forced, indeed.

There will never be a world populated by humans in which you do not need to have numerous talks with your children about the nature of humans, especially humans they do not know and cannot trust, and about the technology those other humans know how to use. Saying you are forced to do so on account of some particular new technology is like saying you are forced to provision food for yourself on account of this newfangled capitalist system... As if needing to provision food for oneself were not a state of affairs dating back to the dawn of cellular life. And as if the uglier parts of human nature emerge from the smartphone and do not in fact date back to the dawn of humanity as a species.

Demanding everyone on the Internet show their papers to the government so that the author can hand their teenage daughter a free, always-networked pocket computer plus microphone and video camera without having to think about any related risks is an attitude repugnant for its laziness, its entitlement, its delusion, and most of all its contempt for the freedoms of others.

antonvs 59 minutes ago||
Well put.

But the problem is, those same forces you're describing are employed to fool people into believing the fictions that support these regressive movements. The real danger we should be focusing on is "won't someone think of the impressionable adults".

sfRattan 25 minutes ago||
Long term, I think we need computer age fables. As in: stories children can listen to and read growing up to acquire effective instincts about computers and the digital, networked world, rather than trying to apply instincts about the analog world to computers. Inter-human societal complexity has long outstripped our genetically developed instincts, but we've already solved that problem with storytelling and cultural transmission/cultivation of instincts. That solution is as ancient as spoken language.

When humans come to these deeply flawed conclusions about computers, networks, and governments, it's a new case of an old problem. Maybe the old problem is screaming toward us at a new velocity and intensity. But I think we can improve the existing humane cultural solution with new stories for our children, rather than surrendering to the supposed inevitability of government mandates to lock down and restrict general purpose computing to only well identified citizens in good standing. The restriction to "in good standing" almost inevitablty follows from the "well identified."

raincole 4 hours ago||
> the weights of the model—which you have to sell many million times over before you turn a profit—easily fits on contemporary pocket-sized storage devices.

Which model is this author talking about? Which pocket-sized devices? Where can I get them? No one is using Gemma 4 to find cybersecurity issues.

Edit: there are a lot of sentences that I can't distinguish from sarcasm in this article. I guess I read it too seriously.

dgellow 4 hours ago|
He’s talking about storage required for the weights. Not actually running the model.

A large model like Kimi 3 should be something like, 1-2TB? That’s a pocket size hard drive

layer8 3 hours ago||
There are even 2 TB USB thumb drives.
amlib 3 hours ago||
It would even be common for phones to have 2 or more TB integrated had we not been co-opted to move all our data into the cloud.
dgellow 2 hours ago||
Not with the current AI craziness :( We won’t see phones with good storage before a while given the current (completely insane) hardware prices
hinkley 2 hours ago|
> — Day 1-2. Tried $tool out. Oh boy! We have some work to do.

> — Day 3-5. OK, there were a couple of solid bugs there, and a fair number of what were technically bugs, but not actually all that bad.

> — Week 2. I guess that was it?

There are a bunch of tools in the developer toolbox that some people never use, and the opposition use religiously. We are especially bad in this industry at turning things into a boolean where they should be a dial or a continuum. Something about that intro to Logic class either rots our brains or works as a filter to keep most of the philosophers out.

In sports there are drills one does a couple times a month instead of every day. You're trying to harden pathways in the brain to make certain reactions be more automatic, to correct subtle errors and suboptimal answers to problems. You don't do them all the time because they're expensive in some way, like time or danger.

I think this is an area where we miss a lot. I don't do TDD all the time. Maybe a week every couple of months. And it's a split between very hard tasks and very simple ones where I practice it. It's easier to work on first principles on a simple problem, but sometimes when you're stuck on a very difficult one, you have to go back to first principles anyway.

"Difficult" can be further broken down into several categories. 1) I don't know how to solve this, 2) the problem is straightforward but arduous and I don't know if I have the stamina for it, 3) I thought I solved it but it's not working.

TDD is a good way to get yourself into bottom up thinking and 'work the problem' by testing your assumptions one at a time. At the very least you have something to show for your work at the next standup even if the answer still eludes.

Similarly, a linter can be good while you're building up muscle memory for writing code the way the current team thinks it should be written. However, it can be a nightmare when you're trying to do exploratory development to fix a bug. I've landed PRs on two different FOSS projects to run the linter after the unit tests for this very reason. I don't fucking care if the code is Clean right now I only care if I've fixed the NPE that is crashing production. The PR is a problem for an hour from now. I need to make it work and then I can make it right.

More comments...