Readit News logoReadit News
Roguelazer commented on Grief and the AI split   blog.lmorchard.com/2026/0... · Posted by u/avernet
Roguelazer · 3 days ago
The important thing to remember is that for a large number of people (in the US), "work" is a place where they do things that they hate for eight hours a day, for people they hate (surveys routinely show between 40% and 60% of people are "satisfied" with their jobs). Those of us who are in the tech industry because we like actually programming computers (the "craft-lovers", in the parlance of this blog post) have been lucky enough to have jobs where where we get to actually do something we enjoy (even if it's intermingled with meetings and JIRA). If AI slop really is the future and programming becomes as rare of a job as hand-building wood furniture, then most of us are going to be living the normal experience of capitalism in a way that we are probably not well-prepared for.

Personally, I have noticed that I still produce substantially more and better code than the people at my company spending all day writing prompts, so I'm not too worried yet, but it seems plausible at some point that a machine that stole every piece of software ever written will be able to reliably turn a few hundred watt-hours of of electricity into a hallucination-free PR.

Roguelazer commented on Grief and the AI split   blog.lmorchard.com/2026/0... · Posted by u/avernet
operatingthetan · 3 days ago
>This is going to blow up.

We are way past wringing our hands over agentic engineering. Every startup and all fast moving companies are onboard. They don't hand code anymore. There will not be some code quality crisis that will stop everyone in their tracks. I'm trying to cope with this too, but I don't think the best path is praying for failure.

Roguelazer · 3 days ago
That's absolutely not true. The places that have embraced "agentic engineering" are mostly garbage factories, and lots of places, including plenty of startups and fast-moving companies are staying off of this trend. I recognize that most of the people on this site are just trying to self-promote for their own gig, but the level of misinformation is sometimes just staggering.
Roguelazer commented on How we automated federal retirements   ndstudio.gov/posts/automa... · Posted by u/caseysoftware
Roguelazer · 3 months ago
So what's going to happen in 3 years after these startup bros have left government, none of the frameworks they're using are supported any more, and nobody in the office that they parachuted into is trained to maintain whatever spaghetti they crapped out over three months of all-nighters? There's a reason that we don't build critical infrastructure by giving it to some guy whose entire accomplishments are "working at Airbnb for 10 years"
Roguelazer commented on Email verification protocol   github.com/WICG/email-ver... · Posted by u/sgoto
cyberax · 4 months ago
With DCR (dynamic client registration) you can have an unlimited number of providers. Basically, just query the well-known endpoint and then use regular OAuth with a random secret.

There's also a proposal to add stateless ephemeral clients.

Roguelazer · 4 months ago
DCR is cool, but I haven't seen anyone roll it out. I know it has to be enabled per-tenant in Okta and Azure (which nobody does), and I don't think Google Workspace supports it at all yet. It's a shame that OIDC spent so long and got so much market-share tied to OAuth client secrets, especially since classic OpenID had no such configuration step.
Roguelazer commented on Show HN: Small Transfers – charge from 0.000001 USD per request for your SaaS   smalltransfers.com/... · Posted by u/strnisa
Roguelazer · 6 months ago
Some API questions/observations

- I don't see an idempotency key in the request to authorize a charge; that might be something nice for people looking to build reliable systems on this. - How long are accessTokens valid? Forever? Do they become invalid if the subject metadata (firstName, lastName, email) changes?

I think this is a super-cool idea, but I think the idea of extending net30 terms to every customer of some B2C product seems pretty iffy; since you're deferring charging until the end of the month, you won't get most of the fraud signals from Stripe until then and anything popular that used this system seems like it'd be pretty inundated with fraud. I would at least consider doing the charges more frequently (i.e., charge at the end of the month or every $50, whichever comes first) to put a better bound on how long you can go before finding out that someone gave you a stolen card.

Roguelazer commented on The origin story of merge queues   mergify.com/blog/the-orig... · Posted by u/jd__
Roguelazer · 6 months ago
I think this is ignoring a lot of prior art. Our deploys at Yelp in roughly 2010 worked this way -- you flagged a branch as ready to land, a system (`pushmaster` aka `pushhamster`) verified that it passed tests and then did an octopus merge of a bunch of branches, verified that that passed tests, deployed it, and then landed the whole thing to master after it was happy on staging. And this wasn't novel at Yelp; we inherited the practice from PayPal, so my guess is that most companies that care at all about release engineering have been doing it this way for decades and it was just a big regression when people stopped having professional release management teams and started just cowboy pushing to `master` / `main` on github some time in the mid 2010's.
Roguelazer commented on We all dodged a bullet   xeiaso.net/notes/2025/we-... · Posted by u/WhyNotHugo
Dilettante_ · 6 months ago
This is the Way. To minimize attack surface, the senders of authentic messages should straight-up avoid putting links to "do the thing" in the message. Just tell the user to update their credentials via the website.
Roguelazer · 6 months ago
For most users, that'll just result in them going to Google, searching for the name of your business, and then clicking the first link blindly. At that point you're trusting that there's no malicious actors squatting on your business name's keyword -- and if you're at all an interesting target, there's definitely malvertising targeting you.

The only real solution is to have domain-bound identities like passkeys.

Roguelazer commented on Web fingerprinting is worse than I thought (2023)   bitestring.com/posts/2023... · Posted by u/xrayarx
Roguelazer · 8 months ago
It's really "cool" when you get vendors like 6sense that combine browser fingerprinting with semi-licit data brokers to do full deanonymization of visitor traffic. Why bother doing marketing when you can just get a report of the name, email address, mailing address, and creditworthiness of every person who's visited your website?

I've seen people argue with a straight face that these tools and their reports don't run afoul of GDPR/CCPA because they don't involve information that a user gave you on purpose, so it's not protected. Ghouls, all of them.

Roguelazer commented on The death of partying in the USA   derekthompson.org/p/the-d... · Posted by u/tysone
shawndrost · 8 months ago
Does anyone know why "Hours spent in childcare" started skyrocketing in the 1990s? Here is the graph from the article: https://substackcdn.com/image/fetch/$s_!2g7_!,w_1456,c_limit...
Roguelazer · 8 months ago
It does seem like there's something wrong with that data; I find it somewhat implausible that the average parent was only caring for their child for 1.7 hours a day in 1985; even if you assume that all of the tween and teens were free-range and only got an hour or two of parenting a day, little kids have always required nonstop attention to make sure that they're not actively dying.

Although... the infant mortality rate in the US has dropped by more than 50% since 1985, so who knows...

Roguelazer commented on The death of partying in the USA   derekthompson.org/p/the-d... · Posted by u/tysone
asdff · 8 months ago
The sprawl of suburbia isn't so much outside the top 5-10ish cities. Even "growing" places like Columbus OH in the midwest, you can go from cornfield to cornfield across the built environment in probably 25 miles and about as many minutes on the freeway network that is entirely uncongested since it is so overbuilt for the population (unlike in those top 5 places where it may be underbuilt). By and large that is how the bulk of the country looks and operates. The idea that you'd drive an hour and still be in the same metro region is this big exception that people living in that exception assume must be the norm, but really isn't.
Roguelazer · 8 months ago
I mean, ~90M people live in one of the top 10 metro areas, which is about ¼ of the country. Not sure that I'd necessarily call that an "exception".
R

u/Roguelazer

KarmaCake day141July 1, 2010
About
https://www.roguelazer.com

keyoxide: openpgp4fpr:24F8AA354990F3F562EC014BC6496DEB3DA8E9B5

View Original