This is so prominent in the cultural consciousness that it was lampooned in this week episode of south park, where Randy Marsh goes on a chatgpt (and ketamone) fueled bender and destroys his business.
Readit NewsEE84M3i commented on Being “Confidently Wrong” is holding AI back promptql.io/blog/being-co... · Posted by u/tango12
EE84M3i commented on Vendors that treat single sign-on as a luxury feature sso.tax/... · Posted by u/vinnyglennon
Not to defend this practice, but SSO does tend to produce an additional support burden. It's complex, there are many knobs to fiddle with and it can be tedious to figure out if the customer (via configuration, or their identity provider itself) or the vendor are at fault for an issue.
Just had an issue today, I'm reasonably sure it's the customer's fault. But I also misread the spec earlier and was wrong about some parts that worked out of the box with one identity provider, but not another one. So who knows. Okay, I assume this parts gets better once your SSO implementation gets older, but it's a pain when you're starting out with it.
Is there a go-to vendor/library that handles this (OIDC, SAML, SCIM) for SaaS services these days? Just like how everyone uses stripe for billing, everyone uses <vendor> for auth?
Seems like an opportunity for a coworking-lite space -- rent a seat/desk spot for 1 hour blocks.
Co-working spaces of all types are ubiquitous in Tokyo FWIW. Near my midsize station I had about 10 different providers in a 10 minute walking radius, some with multiple locations even!
Most have a selection of plans to choose from: hourly, daily, monthly, etc
I chose a bit more upscale one without a fixed seat. I pay ¥1100 (7.5 USD) I think for each day I use it, with a monthly minimum spend of ¥2200. It comes with free mediocre coffee/tea. It is consistently clean and library quiet as people follow the posted rules including minding the volume of their typing and headphones.
I would be surprised if the situation in Seoul was significantly different.
EE84M3i commented on Ask HN: Have you ever regretted open-sourcing something? · Posted by u/paulwilsonn
Anthropic has a tough alignment interview. Like I aced the coding screener but got rejected after a chat about values. I think they want intense people on the value/safety side as well as the chops.
What does being "intense" on the safety side mean? High risk taking with AI safety or low?
EE84M3i commented on IRS head says free Direct File tax service is 'gone' theverge.com/news/717308/... · Posted by u/microsoftedging
Is there any impact on Free Fillable Forms?
EE84M3i commented on Shallow water is dangerous too jefftk.com/p/shallow-wate... · Posted by u/surprisetalk
I didn't know what a wave pool is (I've never been to a water park) but they do seem like an awful idea . Wikipedia says they can be hard to lifeguard:
Safety
Wave pools are more difficult to lifeguard than still pools as the moving water (sometimes combined with sun glare) make it difficult to watch all swimmers. Unlike passive pool safety camera systems, computer-automated drowning detection systems do not work in wave pools.[11] There are also safety concerns in regards to water quality, as wave pools are difficult to chlorinate.
In the 1980s, three people died in the original 8-foot-deep (2.4 m) Tidal Wave pool at New Jersey's Action Park, which also kept the lifeguards busy rescuing patrons who overestimated their swimming ability. On the wave pool's opening day, it is said up to 100 people had to be rescued.[12]
It's strange that note about chlorination doesn't have a reference. I wonder what makes wave pools difficult to chlorinate?
EE84M3i commented on Google spoofed via DKIM replay attack: A technical breakdown easydmarc.com/blog/google... · Posted by u/frasermarlow
The other reason is: If a user figures out a way to upload javascript and have it work, you don't want them to steal other users' login cookies.
This is why your gmail attachments should show up on googleusercontent.com instead of google.com
Many years ago, some naive websites would let users upload images, but wouldn't validate their content; and some browsers would ignore file content type headers if they had a better guess. So an attacker could rename a .html to a .jpg, upload it as your user profile image, then direct people to www.example.com/avatars/eviluser.jpg and they'd get a HTML page and run its javascript.
That's why, to this day, you sometimes see websites sending the header "X-Content-Type-Options: nosniff" which tells Internet Explorer 8 not to guess the content type.
SVGs are also images that can contain scripts if not validated.
It's also relevant that github.io is on the public suffic list, which impacts a bunch of downstream things and isolates the subdomains from each other.
EE84M3i commented on There is no memory safety without thread safety ralfj.de/blog/2025/07/24/... · Posted by u/tavianator
PIE code is different than PIC. PIE can assume no interposition.
Sorry what do you mean by "symbol interpolation" and "interposition" in this context?
Natively I would assume you can just take the sections out of the shared object and slap them into the executable. They're both position independent so what's the issue?
If PIE allows greater assumptions to be made by the compiler/linker than PIC that sounds great for performance, but doesn't imply PIC code won't work in a PIE context.