TheSwordsman (u/TheSwordsman)

TheSwordsman commented on Trump exempts phones, computers, chips from ‘reciprocal’ tariffs bloomberg.com/news/articl... · Posted by u/tosh

cinbun8 · 5 months ago

From an outsider’s perspective, it’s difficult to discern any coherent U.S. strategy—assuming one even exists. One day it’s a 145% tariff on China. The next, it’s “Well, it’s still 145%, but Apple and Nvidia are exempted because their stock prices might take a hit.” Then comes a 90-day pause, adding to the confusion.

It’s not clear whether Jamieson Greer is actually steering this, or if any of it was thoroughly thought through.

TheSwordsman · 5 months ago

As an American, I regret to inform you that you're trying to use logic to understand a situation where it seems like logic wasn't used (in terms of the economic impact). These are the same fuckwits that tried to claim a trade deficit is the same as a tariff.

TheSwordsman commented on AI can't stop making up software dependencies and sabotaging everything theregister.com/2025/04/1... · Posted by u/cmsefton

simonw · 5 months ago

As an "AI apologist", sorry to disappoint but the answer here isn't better prompting: it's code review.

If an LLM spits out code that uses a dependency you aren't familiar with, it's your job to review that dependency before you install it. My lowest effort version of this is to check that it's got a credible commit and release history and evidence that many other people are using it already.

Same as if some stranger opens a PR against your project introducing a new-to-you dependency.

If you don't have the discipline to do good code review, you shouldn't be using AI-assisted programming outside of safe sandbox environments.

(Understanding "safe sandbox environment" is a separate big challenge!)

TheSwordsman · 5 months ago

Yep. The issue is most people I've seen who lean most on these tools do not have that discipline.

TheSwordsman commented on AI can't stop making up software dependencies and sabotaging everything theregister.com/2025/04/1... · Posted by u/cmsefton

akdev1l · 5 months ago

One time some of our internal LLM tooling decided to delete a bunch of configuration and replace it with: “[EXISTING CONFIGURATION HERE]”

Lmfaooo

TheSwordsman · 5 months ago

Hahahaha. That's actually amazing.

TheSwordsman commented on AI can't stop making up software dependencies and sabotaging everything theregister.com/2025/04/1... · Posted by u/cmsefton

TheSwordsman · 5 months ago

I'm waiting for the AI apologists to swarm on this post explaining how these are just the results of poorly written prompts, because AI could not make mistakes with proper prompts. Been seeing an increase of this recently on AI-critical content, and it's exhausting.

Sure, with well written prompts you can have some success using AI assistants for things, but also with well-written non-ambiguous prompts you can inexplicably end up with absolute garbage.

Until things become consistent, this sort of generative AI is more akin to a party trick than being able to replace or even supplement junior engineers.

TheSwordsman commented on I Stopped Using Kubernetes. Our DevOps Team Is Happier Than Ever blog.stackademic.com/i-st... · Posted by u/yarapavan

jumpoddly · 9 months ago

> 2 team members quit citing burnout

And I would have gotten away with it too if only someone would rid me of that turbulent meddling cluster orchestration tooling!

TheSwordsman · 9 months ago

Yeah, I'd bet their burnout risks aren't going to go away by just replacing k8s with ECS.

I also hope they have a good support contract with AWS, otherwise they are going to be in for a fun surprise when ECS has some weird behavior or bug.

TheSwordsman commented on Goodbye to an old spreadsheet rubenerd.com/goodbye-to-a... · Posted by u/Tomte

TheSwordsman · a year ago

Maybe it's just me, but it was a bit of a disappointing read when the author decided not to provide any details about what's replacing it. Would have loved to hear a bit more about the decision to move.

Although, considering the author mentioned a loan with a partner maybe they were trying to rebuild it in Google Docs or something so they could more-easily see it together.

TheSwordsman commented on Tesla Cybertruck Pricing and Specs tesla.com/cybertruck/desi... · Posted by u/futureisnow23

nosequel · 2 years ago

I would like to know the range when towing 11,000 lbs. In the full size market, I can only think of the Nissan Titan as having less than 12,000 lb tow rating. A base Ford F150 has a 14,000 rating. When you move up to diesels, you can easily tow 20,000+ lbs and even at 10,000 lbs you take very little hit on range if your load is somewhat aerodynamic. Pulling a full-size Airstream you can still get 20+mpg even in a small diesel like in the Chevy Colorado.

Other folks mentioned the frame or brakes as the reason for the low tow rating. I imagine the cybertruck has a strong frame, Tesla has never gone cheap when it came to that sort of thing, and I'm sure the braking is fine for small loads. Most big loads require the trailer to have its own braking anyway, so that's almost a moot point, even in the biggest truck, I'm not pulling over 10,000 lbs without a proper brake controller. I'm guessing they set the rating at 11,000 lbs because anything over that and you probably end up with a very expensive 30 mile battery range. I would initially compare the cybertruck to something like a Tacoma which has more like a 7,000 lb towing capacity, but then you look at the weight of a cybertruck at 6800 lbs, the damn thing is nearly 2000 lbs heavier than a base F150. The curb weight of the biggest F150 you can get is only 5800 lbs, still 1,000 lbs lighter than the cybertruck.

TheSwordsman · 2 years ago

The 11,000 may be limited by the suspension system.

So in terms of comparisons I don't think you're wrong, but it might be better to compare it to the F-150 Lightning for more of an apples to apples comparison. The F-150 Lightning Platinum vs Cybetruck AWD is probably the most fair comparison in terms of specs, but the CT is ~$20,000 cheaper

If we compare the F-150 Lightning Lariat with XR Battery to the Cybertruck AWD, because of price:

F-150:

Range: 320mi

Towing: 7,700lbs

Curb Weight: 6,361lbs

---

CT:

Range: 340mi

Towing: 11,000lbs

Curb Weight: 6,603lbs

---

F-150 Lighting Platinum to CT Cyberbeast, because of price:

F-150:

Range: 300mi

Towing: 8,500lbs

Curb Weight: 6,893lbs

---

CT:

Range: 320mi

Towing: 11,000lbs

Curb Weight: 6,843lbs

TheSwordsman commented on Ask HN: Git hosting sites that do not require 2FA? · Posted by u/sergiotapia

zyrthofar · 2 years ago

If your password manager gets compromised, sure, but if someone gets access to a website's database with password hashes, the 2fa is a pretty big part that they're missing.

TheSwordsman · 2 years ago

This does assume they aren't able to also compromise the encryption key used to protect the secret:

https://news.ycombinator.com/item?id=10845985

https://news.ycombinator.com/item?id=11136948

TheSwordsman commented on Ask HN: Git hosting sites that do not require 2FA? · Posted by u/sergiotapia

IshKebab · 2 years ago

How does that work? Isn't the second factor normally a text message to your phone?

TheSwordsman · 2 years ago

It's extremely risky to use MFA via text messages, due to the commonality of SIM swap attacks. Attacker calls your cell phone provider, executes a social engineering attack to authenticate as you, and can now route your phone calls and text messages to a device they own. It's a good idea to avoid SMS/Phone MFA.

If you use a token generator (Google Authenticator, Authy, or the one built into products like 1Password), a shared secret key is used to generate the MFA token. You store this secret in that software, and it uses the current time + that secret key to generate the MFA token.

This is a far better mechanism than the SMS or phone call based approach. And in this mechanism you can store the secret in any software that's able to generate the token using that algorithm.

Most commonly it's this algorithm: https://datatracker.ietf.org/doc/html/rfc6238

TheSwordsman commented on Ask HN: Git hosting sites that do not require 2FA? · Posted by u/sergiotapia

chungy · 2 years ago

> Browser-integrated password managers can autofill 2FA for you

Meaning that it defeats the entire point of 2FA. 2FA used in this way is only security theater.

TheSwordsman · 2 years ago

So as I mentioned in another comment, it's not entirely security theater. If the site enforces that an MFA token is truly one time use, then this can prevent replay attacks of your credentials being used to create a new session.

If someone compromised your password store, then yeah it's all over. But if the compromise happens elsewhere, it can be a useful layer to the security onion.