Readit NewsTDiblik commented on My VM is lighter (and safer) than your container (2017) dl.acm.org/doi/10.1145/31... · Posted by u/fanf2
If this were true, then wouldn't folks just need an application binary that statically links all of its required libraries and resources into a giant, say, ELF? Why even bother with a container?
First thing that comes to mind is the need to link against libraries across platforms. Imagine that my app depends on opencv, if I wanted to statically link everything on my Windows machine, I need to compile opencv for Linux on my windows machine (or use pre-compiled binaries). Also, if you link against libraries dynamicaly, it's likely you can compile them on the host machine (or in a container) with more optimizations enabled. And the last thing is probably the ability to "freeze" the whole "system" environment (like folders, permissions, versions of system libraries).
Personally, I use containers to quickly spin-up different database servers for development or as an easy way of deployment to a cloud service...
TDiblik commented on More than 80 AI models from Qualcomm huggingface.co/qualcomm... · Posted by u/Brajeshwar
> The source code would include everything needed to train that model and reproduce it.
You know these models are trained on internet scrape which contains copyrighted content, so the dataset can't be open sourced. It's either this or bad models.
In theory, you must have written some code to train the models + download the data ... just openning this code + adding logging to store the sources trained on, you could achieve trully "open source" (anybody can now go and scrape + train the same way you did and achieve the same outcome/model)
I'm not saying "opening models is bad", it's good. However imo it would be nice to have a semantic way to differentiate between those two
TDiblik commented on Ask HN: What are good books/blogs to read for a first time CTO? · Posted by u/kanodiaashu
Depends on what you're into:
romance: i would suggest "Looking for Alaska" by John Green or "Pierre et Luce" by Romain Rolland
fantasy: The Way Of Kings by Brandon Sanderson or "Blackout" by Marc Elseberg
life advice ig?: "The Algebra of Happiness" by Scott Galloway
... never been a CTO xd
> Tool to automate downloading and submitting advent of code problems.
Well... the biggest use case I can think of is automated, AI assisted, problem solving. Which isn't really aligned with the spirit of AOC. In fact they politely asked people not to, if I'm not mistaken.
the first usecase I thought about was the tryhards that want to save every second :D ... idk there could be a legitimate usecase
TDiblik commented on A coder considers the waning days of the craft newyorker.com/magazine/20... · Posted by u/jsomers
as a high school student, I'm more hesitant to go into CS degree not because of chatgpt but because it is constantly marketed as a high income job and A LOT of people are choosing/learning it. I wonder if it's gonna be the same in 10 years or so. Chatgpt/copilot make stuff easier and there are only so much CRUD apps to be made :/
Can someone with OAuth expertise explain this issue in a few more details, as I've read the blog a few times, but still don't understand the actual vulnerability.
From my very limited OAuth knowledge isn't this how it works:
1. The Harvest application asks Microsoft to verify a user. 2. The user is verified by Microsoft. 3. If the user verification is successful Microsoft redirects back to the callback URL, passing back the access token inside the body of the response message.
In this case hasn't the writer of the blog just created a hand-crafted URL so that the return is back to example.com rather than the actual return URL?
hi ^^, limited knowledge as well, however I'm pretty sure the issue is that Harvest allows all urls to be used as callback urls. You should tell microsoft to allow only certain urls as callbacks. eg, when setting up the workflow, they probably used a wildcard as an allow list of callback urls, instead of creating an actual list of trusted callback urls. I think that's what's happening here, could be totally wrong tho :D
I've finished the core logic like a half a year ago, haven't had the time to add GUI yet -> https://github.com/TDiblik/deps-graph
It can automatically generate the route + the route path parameters. If you wanna provide more info, I've created a simple interface that wraps the fiber's router and isn't too annoying ... or you can use `gofiberswagger.RegisterRoute()` to add the definition on your own (without touching the existing code).
The library uses reexported github.com/getkin/kin-openapi types, that means that you can specify ANY openapi field you wanna (not only in routes, but also in the general config, eg. auth / security schemes / title / openapi version / etc).
I've implemented it into some of my personal projects and tbh I love it, that's why I decided to share it with y'all. I know about swaggo/swag, however I don't like how my code looks while using it.
I've created some basic examples inside the `/examples/` folder, so be sure to check them out! Any feedback would be appreciated.