bumblehean commented on We should all be using dependency cooldowns   blog.yossarian.net/2025/1... · Posted by u/todsacerdoti
BrenBarn · a month ago
> The practical problem with this is that many large organizations have a security/infosec team that mandates a "zero CVE" posture for all software.

The solution is to fire those teams.

bumblehean · a month ago
Sure I'll go suggest that to my C-suite lol
bumblehean commented on We should all be using dependency cooldowns   blog.yossarian.net/2025/1... · Posted by u/todsacerdoti
layer8 · a month ago
People in this thread are worried that they are significantly vulnerable if they don't update right away. However, this is mostly not an issue in practice. A lot of software doesn't have continuous deployment, but instead has customer-side deployment of new releases, which follow a slower rhythm of several weeks or months, barring emergencies. They are fine. Most vulnerabilities that aren't supply-chain attacks are only exploitable under special circumstances anyway. The thing to do is to monitor your dependencies and their published vulnerabilities, and for critical vulnerabilities to assess whether your product is affected by it. Only then do you need to update that specific dependency right away.
bumblehean · a month ago
> The thing to do is to monitor your dependencies and their published vulnerabilities, and for critical vulnerabilities to assess whether your product is affected by it. Only then do you need to update that specific dependency right away.

The practical problem with this is that many large organizations have a security/infosec team that mandates a "zero CVE" posture for all software.

Where I work, if our infosec team's scanner detects a critical vulnerability in any software we use, we have 7 days to update it. If we miss that window we're "out of compliance", which triggers a whole process that no one wants to deal with.

The path of least resistance is to update everything as soon as updates are available. Consequences be damned.

bumblehean commented on Microsoft makes Zork open-source   opensource.microsoft.com/... · Posted by u/tabletcorry
monkeywork · a month ago
Where do you get that the announcement was written by an LLM - they list the authors of the article on the page.
bumblehean · a month ago
"When Zork arrived, it didn’t just ask players to win; it asked them to imagine"

Literally the first sentence.

bumblehean commented on A new documentary about the history of forced psychiatric treatment in Spain   bbc.co.uk/news/articles/c... · Posted by u/binning
mothballed · a month ago
Lol this is the USA. I've been interrogated when a stranger drove past my rather remote property, in the middle of nowhere, and saw that my child was walking about 50 feet "by herself" on her own fucking property (I was actually watching her, just from further away, so I was able to intervene before they called CPS).

Welcome to America where you must watch the kid every second until they turn 18, except at the moment they turn 18 they must be booted from the house to figure everything out all at once with nothing more than a minimum wage job, a gun, and rents that reach the stratosphere.

bumblehean · a month ago
> Welcome to America where you must watch the kid every second until they turn 18

This must be a regional thing?

I live in New England and I always see kids out and about with no adults around supervising. Especially from 1-3PM on weekdays when school lets out. Maybe a side-effect of walkable infrastructure.

bumblehean commented on Notes on Managing ADHD   borretti.me/article/notes... · Posted by u/amrrs
kamranjon · 4 months ago
Just a heads up, I've taken stimulants on and off as a treatment for ADHD for many years, but my body/emotional health always felt compromised as a result. I've recently started on a non-stimulant ADHD medication called Atomoxetine and so far it has not had the emotional blunting, irritable effect of stimulants at all, and I haven't noticed any negative effects so far. It seems to help me get over the hump of being able to start things and stay with them, which has always been my biggest downfall. We will see if I stick with it, but just wanted to mention that there are alternatives. There is also another medication called Guanfacine that I may try if this current medication does not work out - I don't think I can go back to stimulants.
bumblehean · 4 months ago
Interesting! I'll be sure to ask my doctor about those options
bumblehean commented on Notes on Managing ADHD   borretti.me/article/notes... · Posted by u/amrrs
siva7 · 4 months ago
This is one of the best linked articles about ADHD I've seen on HN. Especially because it gets quickly to the most important point, which oftentimes is still neglected:

> The first-line treatment for ADHD is stimulants. Everything else in this post works best as a complement to, rather than as an alternative to, stimulant medication. In fact most of the strategies described here, I was only able to execute after starting stimulants. For me, chemistry is the critical node in the tech tree: the todo list, the pomodoro timers, etc., all of that was unlocked by the medication.

This means: You do have to see a physician and psychologist to get diagnosed and to get a therapy plan. Just reading articles or books about managing ADHD won't do the trick.

bumblehean · 4 months ago
I really wish my body could tolerate stimulants.

I tried the major ones (Adderall, Ritalin, Vyvanse, Concerta, etc.). They all made dealing with ADHD significantly easier, but even at the lowest doses they turned me into an extremely anxious and irritable person. I had never experienced anything close to a panic attack or nervous breakdown in my 30+ years of being alive until I started taking stimulant medication.

I decided that living with untreated ADHD was the better alternative, so now I'm back to copious amounts of coffee to deal.

bumblehean commented on Things that helped me get out of the AI 10x engineer imposter syndrome   colton.dev/blog/curing-yo... · Posted by u/coltonv
lvl155 · 4 months ago
Counter: you are looking at it wrong. You can get work done in 1/2 of the time it used to. Now you got 1/2 of the day to just mess around. Socialize or network. It’s not necessarily that you’re producing 2x.
bumblehean · 4 months ago
> You can get work done in 1/2 of the time it used to. Now you got 1/2 of the day to just mess around. Socialize or network.

This has never been the case in any company I've ever worked at. Even if you can finish your day's work in, say, 4 hours, you can't just dip out for the other 4 hours of the day.

Managers and teammates expect you to be available at the drop of a hat for meetings, incidents, random questions, "emergencies", etc.

Most jobs I've worked at eventually devolve into something like "Well, I've finished what I wanted to finish today. I could either stare at my monitor for the rest of the day waiting for something to happen, or I could go find some other work to do. Guess I'll go find some other work to do since that's slightly less miserable".

You also have to delicately "hide" the fact that you can finish your work significantly faster than expected. Otherwise the expectations of you change and you just get assigned more work to do.

bumblehean commented on Tokens are getting more expensive   ethanding.substack.com/p/... · Posted by u/admp
ajb · 4 months ago
Are you using separate accounts per use case? That's the only real way to get a cost breakdown, otherwise you have no idea what piece of infrastructure is for what. They provide a tagging system but it's only informative if someone spends several hours a month tracking down the stuff that didn't get tagged properly.
bumblehean · 4 months ago
> They provide a tagging system but it's only informative if someone spends several hours a month tracking down the stuff that didn't get tagged properly.

The way to deal with this is with an org-level Service Control Policy (SCP) that enforces the tagging standard.

A resource doesn't have the right tags associated with it? It can't be created.

https://docs.aws.amazon.com/organizations/latest/userguide/o...
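As an added example of the SCP the comment above describes (not code from the thread or from AWS documentation), the Python below generates a policy document that denies EC2 tag-on-create actions when a required tag is missing from the request and denies removing those tags afterwards. The tag keys `CostCenter` and `Owner` are a hypothetical tagging standard, and only `ec2:RunInstances` and `ec2:CreateVolume` are covered; extend `CREATE_ACTIONS` with other services that support tag-on-create. The generator encodes one subtlety worth knowing: condition keys in a single `Condition` block are ANDed, so one statement with a `Null` check per tag would only deny when every tag is missing, which is why a Deny statement is emitted per tag.

```python
"""Added example: generate an AWS Organizations Service Control Policy (SCP)
that denies creating EC2 resources unless the required tags are present in
the request, and denies stripping those tags afterwards.

Assumptions (not from the thread): the required tag keys are a hypothetical
tagging standard, and only EC2 tag-on-create actions are covered.
"""
import json

# Hypothetical required keys; substitute your organisation's tagging standard.
# Keys must be alphanumeric here because they are reused in statement Sids.
REQUIRED_TAGS = ("CostCenter", "Owner")

# EC2 create actions that support tag-on-create, so aws:RequestTag/<key> is
# populated during authorisation. RunInstances tags both the instance and the
# volumes it creates, so both resource types are listed.
CREATE_ACTIONS = ["ec2:RunInstances", "ec2:CreateVolume"]
CREATE_RESOURCES = ["arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*"]

SCP_MAX_BYTES = 5120  # hard limit on the size of an SCP document


def tag_enforcement_scp(required_tags=REQUIRED_TAGS):
    """Build the SCP as a dict.

    Condition keys inside one block are ANDed, so a single statement with a
    Null check for every tag would only deny when ALL tags are missing.
    To deny when ANY required tag is missing, emit one Deny statement per tag.
    """
    statements = []
    for tag in required_tags:
        statements.append({
            "Sid": f"DenyCreateWithout{tag}",
            "Effect": "Deny",
            "Action": CREATE_ACTIONS,
            "Resource": CREATE_RESOURCES,
            # Null = "true" matches when the key is absent from the request,
            # i.e. the caller did not supply this tag at creation time.
            "Condition": {"Null": {f"aws:RequestTag/{tag}": "true"}},
        })
    # Block removal of any required tag after creation.
    statements.append({
        "Sid": "DenyRemovingRequiredTags",
        "Effect": "Deny",
        "Action": "ec2:DeleteTags",
        "Resource": "*",
        # ForAnyValue: deny if at least one key being deleted is a required one.
        "Condition": {"ForAnyValue:StringEquals": {"aws:TagKeys": list(required_tags)}},
    })
    return {"Version": "2012-10-17", "Statement": statements}


def scp_json(required_tags=REQUIRED_TAGS):
    """Serialise the policy and refuse to emit one over the SCP size limit."""
    doc = json.dumps(tag_enforcement_scp(required_tags), indent=2)
    size = len(doc.encode())
    if size > SCP_MAX_BYTES:
        raise ValueError(f"SCP is {size} bytes, over the {SCP_MAX_BYTES} byte limit")
    return doc


if __name__ == "__main__":
    print(scp_json())
```

Two caveats before attaching this to a production OU: an SCP never restricts the organisation's management account, so enforcement only covers member accounts, and `aws:RequestTag` is only present for APIs that support tag-on-create, so each service you add needs its own create actions and resource ARNs. Attach to a sandbox OU first and confirm that an untagged `RunInstances` fails while a correctly tagged one succeeds.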

bumblehean commented on Senior Developer Skills in the AI Age   manuel.kiessling.net/2025... · Posted by u/lamp_book
necovek · 8 months ago
Logging configuration is done at import time for the "utils" module.

Imagine code like this:

main.py:

  import logging
  logging.basicConfig(...)

  logging.info("foo") # uses above config
  
  if __name__ == "__main__":
      import utils # your config is overridden with the one in utils
      logging.info("bar") # uses utils configuration
      ...
Or two "commands", one importing utils and another not: they would non-obviously use different logging configuration.

It gets even crazier: you could import utils to set the configuration, override it, but a second import would not re-set it, as module imports are cached.

Basically, don't do it, and there will be no unexpected, confusing behaviour anywhere.
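The following is an added, runnable illustration of the sequence the comment above describes, not code from the thread: a constructed `utils_sidefx` module configures the root logger as a side effect of being imported, a second import is served from the `sys.modules` cache and reconfigures nothing, and a constructed `utils_fixed` module shows the fix of exposing an explicit `configure_logging()` for the entry point to call. The `load_module` helper stands in for the `import` statement so the whole thing runs in one file. One caveat the comment's snippet glosses over: `logging.basicConfig` is a no-op once the root logger already has handlers, so the import-time override only actually happens when the module passes `force=True` (Python 3.8+) or manipulates the root handlers directly; the example uses `force=True` to make the override real.

```python
"""Added example: import-time logging configuration versus an explicit
configure function. The 'utils_sidefx' and 'utils_fixed' modules below are
constructed stand-ins, not real packages; load_module() mimics `import`.
"""
import logging
import sys
import types

MAIN_FMT = "main: %(message)s"
UTILS_FMT = "utils: %(message)s"

# Constructed: a utils module that reconfigures the root logger on import.
# force=True is what makes it override; without it basicConfig would silently
# do nothing because main has already installed a root handler.
UTILS_SIDEFX_SRC = f'''
import logging
logging.basicConfig(level=logging.DEBUG, format="{UTILS_FMT}", force=True)
def helper():
    return "helper"
'''

# Constructed: the fix. Importing has no side effect; the entry point decides.
UTILS_FIXED_SRC = f'''
import logging
def configure_logging(level=logging.INFO):
    """Called explicitly by the entry point, never at import time."""
    logging.basicConfig(level=level, format="{UTILS_FMT}", force=True)
def helper():
    return "helper"
'''


def load_module(name, src):
    """Register a module built from `src` under `name`, the way `import` does.

    Like the real import machinery, a name already in sys.modules is returned
    from the cache and its top-level code is NOT executed again.
    """
    if name in sys.modules:
        return sys.modules[name]
    mod = types.ModuleType(name)
    exec(src, mod.__dict__)
    sys.modules[name] = mod
    return mod


def root_format():
    """Format string of the first root handler, or None if unconfigured."""
    handlers = logging.getLogger().handlers
    return handlers[0].formatter._fmt if handlers and handlers[0].formatter else None


def _reset(module_name):
    """Start from a clean root logger and no cached module so runs are repeatable."""
    sys.modules.pop(module_name, None)
    root = logging.getLogger()
    for handler in list(root.handlers):
        root.removeHandler(handler)


def demonstrate_side_effect():
    """main configures; importing utils overrides; re-import changes nothing."""
    _reset("utils_sidefx")
    logging.basicConfig(level=logging.INFO, format=MAIN_FMT)
    before = root_format()
    load_module("utils_sidefx", UTILS_SIDEFX_SRC)   # first import: side effect fires
    after_import = root_format()
    logging.basicConfig(level=logging.INFO, format=MAIN_FMT, force=True)  # main reasserts
    load_module("utils_sidefx", UTILS_SIDEFX_SRC)   # cached: does NOT reconfigure again
    after_reimport = root_format()
    return before, after_import, after_reimport


def demonstrate_fixed():
    """With an explicit configure function, import is inert and main stays in control."""
    _reset("utils_fixed")
    logging.basicConfig(level=logging.INFO, format=MAIN_FMT)
    mod = load_module("utils_fixed", UTILS_FIXED_SRC)
    after_import = root_format()          # unchanged: nothing ran on import
    mod.configure_logging()               # the one deliberate call site
    after_explicit_call = root_format()
    return after_import, after_explicit_call


if __name__ == "__main__":
    print("side effect:", demonstrate_side_effect())
    print("fixed:      ", demonstrate_fixed())
```

`demonstrate_side_effect()` returns the three root formats in order (main, then utils after the first import, then main again after the cached second import), which is exactly the "two commands, one importing utils and another not" divergence the comment warns about; `demonstrate_fixed()` shows the format only changing at the explicit call.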

bumblehean · 8 months ago
As a non Python developer, what would be the use-case(s) for importing a module inside of the main function instead of importing it at the top of main.py with the others?

u/bumblehean: karma 50, cake day April 5, 2025