billbrown commented on How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos   research.kudelskisecurity... · Posted by u/spiridow
mook · 14 days ago
There's also no reason why they needed to have write access to post code review comments. But for some reason they ask for it and you can't deny that part when hooking up their thing.
billbrown · 13 days ago
The bunny will often include patches in its replies that the PR author can commit. I've never been clear as to which of us is doing the committing but that could be the need for write access. (I always do it myself but I can see how some might prefer the convenience.)

They should really mass revoke that privilege because I can't see any upside to it. Unless they have a plan for some future state where they will want write access?

billbrown commented on Apple and Amazon will miss AI like Intel missed mobile   gmays.com/the-biggest-bet... · Posted by u/gmays
orbifold · 15 days ago
I think it is a given that they are aiming for a fully custom training cluster with custom training chips and inference hardware. That would align well with their abilities and actually isn't too hard to pull off for them given that they have very decent processors, GPUs and NPUs already.
billbrown · 15 days ago
They're working—almost done—on a CUDA backend for their Apple Silicon framework:

https://github.com/ml-explore/mlx/pull/1983

billbrown commented on Ferrari Status   collabfund.com/blog/ferra... · Posted by u/surprisetalk
potatolicious · a month ago
> "Respectfully disagree. Which oil-rich Sheikh did you see who only has one supercar in their garage and not all of those you listed?"

Except this isn't the main market for Ferrari, McLaren, Lambo, et al. There are maybe a few dozen people on this planet who fit into that kind of stratospheric wealth.

The bulk of their sales are to the "merely multi-millionaire" rich - your business executive, late-career law partner, guy who owns a chain of dental practices, etc. These are people who are not exactly scrimping and saving for their Ferrari, but certainly don't have the infinite money cheat code.

If you think Ferrari's sales ledger consists mainly of oil barons and other billionaires, I dunno what to tell you.

billbrown · a month ago
The oil sheikh with dozens of supercars is what drives the mega rich to aspire to own two supercars and the deka rich to fret about maybe buying their first one.

billbrown commented on HathiTrust Digital Library   hathitrust.org/... · Posted by u/djoldman
philipkglass · 2 months ago
HathiTrust is much better than Google Books about allowing access to works that are no longer under copyright in the United States. Under US law, everything published 1929 and before is currently in the public domain. But there are a lot of special cases where 20th century works published after 1929 are also in the public domain:

https://guides.library.cornell.edu/copyright/publicdomain

Google Books appears to follow the blanket 1929 rule, or did the last time I looked. HathiTrust has cleared the copyright status for many additional works following the more complex rules, e.g.

"Drawing Birds" by Joy Postle, 1953:

https://babel.hathitrust.org/cgi/pt?id=nyp.33433115876140&se...

Unfortunately, the Google-originated scans that HathiTrust has come with special restrictions. Google itself required that only people associated with the academic libraries could download whole books as a unit, even for works that are in the public domain:

https://hathitrust.atlassian.net/servicedesk/customer/portal...

Fortunately, members of the public can download individual page scans without any special affiliation. People have naturally written tools to automate this process so that full books can be reassembled and then uploaded to the Internet Archive or other book sites.

Google Books has a much faster and sometimes better search interface, so a common flow I use is to search Google Books for terms and then go to HathiTrust to read inside books that Google Books surfaced but won't show.

EDIT: corrected 1926 to 1929 per cxr's comment below.

billbrown · 2 months ago
This is very helpful context. I have disparaged HathiTrust in my mind for several of these public domain problems and it makes sense that it's actually a Google Books problem.

billbrown commented on I'm dialing back my LLM usage   zed.dev/blog/dialing-back... · Posted by u/sagacity
billbrown · 2 months ago
The use case for LLM assistance that provides value for me is solving obscure lint or static analysis warnings and errors.

I take the message, provide the surrounding code, and it gives me a few approaches to solve them. More than half the time, the resolution is there and I can copy the relevant bit in the literal verbiage. (The other times it's garbage but at least I can see that this is going to require some AI—Actual Intelligence.)

billbrown commented on Claude Code now supports hooks   docs.anthropic.com/en/doc... · Posted by u/ramoz
dmix · 2 months ago
That’s great. Regardless of the naysayers about AI hype in tech, it was a major development for general society even if this is all it ends up being.
billbrown · 2 months ago
It remains to be seen whether it's a net value once the VC firehose dries up and the true costs are revealed. It's quite possible that the profitable price is not worth it for most companies.

billbrown commented on How linear regression works intuitively and how it leads to gradient descent   briefer.cloud/blog/posts/... · Posted by u/lucasfcosta
mhb · 4 months ago
Kagi FTW?
billbrown · 4 months ago
That was my initial thought, too. But I didn't know what the original Google search consisted of and the site didn't show up in a couple Kagi searches I tried. (Aside from the obvious titular one, of course.)

billbrown commented on Try Switching to Kagi   daringfireball.net/2025/0... · Posted by u/Ch00k
billbrown · 4 months ago
For me (a multi-year paying subscriber), one of the many indications of Kagi's difference is a) that it has a changelog and b) that the changelog shows so much granular work.

https://kagi.com/changelog

billbrown commented on Try Switching to Kagi   daringfireball.net/2025/0... · Posted by u/Ch00k
sylens · 4 months ago
Curious, I just tried it for the first time. Install Kagi Extension for Safari from the App Store, open up Safari, go to Manage Extensions, turn it on. Then tap it in the extensions menu and accept permissions. Then it works.

Not one click, but by no means a byzantine process.

billbrown · 4 months ago
Orion (made by Kagi) is a WebKit-based browser that eliminates the need for an extension.

billbrown commented on Launching RDAP; sunsetting WHOIS   icann.org/en/announcement... · Posted by u/radeeyate
kbolino · 6 months ago
There are two problems with this comparison. First, probabilistic prime generation has a mathematically proven lower bound that improves with iteration. There is no comparably robust tuning parameter with an LLM. You can use a different model, you can use a bigger variant of the same model, etc., but these all have empirically determined and contextually sensitive reliability levels that are not otherwise tunable. Second, the prime generation function will always give you an integer, and never an apple, or a bicycle, or a phantasm. LLMs regurgitate and hallucinate, which means that a simple error rate is not the only metric that matters. One must also consider how egregiously wrong and even nonsensical the errors can be.
billbrown · 5 months ago
I compare LLMs to a door with a slot where you put a piece of paper with a request on it and you get something back related to that request. If it's the same every time, great. But it might be different or completely wrong. You don't know what goes on behind the door, and measuring the error rate tells you little that is predictive.

u/billbrown

Karma: 262 · Cake day: January 24, 2013
About
[ my public key: https://keybase.io/bbrown; my proof: https://keybase.io/bbrown/sigs/UL_NLEplhcBoqISg-4lgeOnYSmaD-KpGiwrS3fKyYvA ]