Readit News
davej commented on Teaching my neighbor to keep the volume down   idiallo.com/blog/teaching... · Posted by u/firefoxd
davej · 9 days ago
I had a housemate in college who used to party until all hours, bring people back at 3AM and put on loud music. Even during exam season. I tried talking to her a couple of times but she would roll her eyes and say "sure". Never stopped though.

One evening my girlfriend was using a hair straightener in my bedroom, it tripped the central fuse and turned off the electricity. I told my GF that I would buy her a new hair straightener because this one isn't safe.

Now every time my housemate started blaring music at 3AM then I just needed to plug in the hair straightener. It only took 3 or 4 attempts for me to Pavlov my housemate into not playing loud music at 3am. :-)

davej commented on Kimi K2 1T model runs on 2 512GB M3 Ultras   twitter.com/awnihannun/st... · Posted by u/jeudesprits
culi · 2 months ago
Kimi K2 is the model that most consistently passes the clock test. I agree it's definitely got something unique going on

https://clocks.brianmoore.com/

davej · 2 months ago
Nice! I'm curious, what does this service cost to run? I notice that you don't have more expensive models like Opus but querying the models every minute must add up over time (excuse pun)?
davej commented on Rivian Unveils Custom Silicon, R2 Lidar Roadmap, and Universal Hands Free   riviantrackr.com/news/riv... · Posted by u/doctoboggan
uberman · 2 months ago
Why do people want self driving cars at all? I certainly hate the thought of having to pay for any of this. Even if the end product is subscription based, all these features cost money up front making new cars super expensive.
davej · 2 months ago
You sound like someone who doesn't spend 1+ hour every day commuting in traffic. :)
davej commented on Gemini CLI tips and tricks for agentic coding   github.com/addyosmani/gem... · Posted by u/ayoisaiah
cjbarber · 2 months ago
Notable re author: “Addy Osmani is an Irish Software Engineer and leader currently working on the Google Chrome web browser and Gemini with Google DeepMind. A developer for 25+ years, he has worked at Google for over thirteen years, focused on making the web low-friction for users and web developers. He is passionate about AI-assisted engineering and developer tools. He previously worked on Fortune 500 sites. Addy is the author of a number of books including Learning JavaScript Design Patterns, Leading Effective Engineering Teams, Stoic Mind and Image Optimization.”
davej · 2 months ago
Also a winner of the Irish Young Scientist competition, 2 years before Patrick Collison. https://en.wikipedia.org/wiki/Young_Scientist_and_Technology...
davej commented on How can England possibly be running out of water?   theguardian.com/news/ng-i... · Posted by u/xrayarx
sandbags · 5 months ago
As the article mentions, privatised water companies have built no new reservoir capacity and relied on drawing from rivers and other sources.

What the article doesn’t mention is that pre-privatisation a new reservoir was built every year up to about 1960 and then every few years until privatisation in 1992.

So we are about 30 years behind in adding capacity to the system. This combined with the inadequate levels of investment in the system leading to enormous wastage, is the answer.

Water should never have been privatised. At least not without a framework for a national strategy for water. I suspect that wasn’t done because it would have made water companies an unattractive source of profit.

davej · 5 months ago
Here in Ireland, our water is a public service and we have similar supply issues to the UK (and a similar rainy climate). I'm not discounting your analysis and I'm sure there are lots of other variables but it's always good to compare other outcomes when discussing counterfactuals.
davej commented on Claude 4   anthropic.com/news/claude... · Posted by u/meetpateltech
eddieroger · 9 months ago
I've never hired an assistant, but if I knew that they'd resort to blackmail in the face of losing their job, I wouldn't hire them in the first place. That is acting like a jerk, not like an assistant, and demonstrating self-preservation that is maybe normal in a human but not in an AI.
davej · 9 months ago
From the AI’s point of view is it losing its job or losing its “life”? Most of us when faced with death will consider options much more drastic than blackmail.
davej commented on How to gain code execution on hundreds of millions of people and popular apps   kibty.town/blog/todesktop... · Posted by u/xyzeva
BonusPlay · a year ago
Honestly I don't get why people are hating this response so much.

Life is complex and vulnerabilities happen. They quickly contacted the reporter (instead of sending email to spam) and deployed a fix.

> we've fundamentally restructured our security practices to ensure this scenario can't recur

People in this thread seem furious about this one and I don't really know why. Other than needing to unpack some "enterprise" language, I view this as "we fixed some shit and got tests to notify us if it happens again".

To everyone saying "how can you be sure that it will NEVER happen", maybe because they removed all full-privileged admin tokens and are only using scoped tokens? This is a small misdirection, they aren't saying "vulnerabilities won't happen", but "exactly this one" won't.

So Dave, good job to your team for handling the issue decently. Quick patches and public disclosure are also more than welcome. One tip I'd learn from this is to use less "enterprise" language in security topics (or people will eat you in the comments).

davej · a year ago
Thank you.

Point taken on enterprise language. I think we did a decent job of keeping it readable in our disclosure write-up but you’re 100% right, my comment above could have been written much more plainly.

Our disclosure write-up: https://www.todesktop.com/blog/posts/security-incident-at-to...

davej commented on How to gain code execution on hundreds of millions of people and popular apps   kibty.town/blog/todesktop... · Posted by u/xyzeva
spudlyo · a year ago
> cannot happen again.

Hubris. Does not inspire confidence.

> We resolved the vulnerability within 26 hours of its initial report, and additional security audits were completed by February 2025.

After reading the vulnerability report, I am impressed at how quickly you guys jumped on the fix, so kudos. Did the security audit lead to any significant remediation work? If you weren't following PoLP, I wonder what else may have been overlooked?

davej · a year ago
Fair point. Perhaps better phrased as "to ensure this scenario can't recur.". I'll edit my post.

Yes, we re-architected our build container as part of remediation efforts, it was quite significant.

davej commented on How to gain code execution on hundreds of millions of people and popular apps   kibty.town/blog/todesktop... · Posted by u/xyzeva
davej · a year ago
Dave here, founder of ToDesktop. I've shared a write-up: https://www.todesktop.com/blog/posts/security-incident-at-to...

This vulnerability was genuinely embarrassing, and I'm sorry we let it happen. After thorough internal and third-party audits, we've fundamentally restructured our security practices to ensure this scenario can't recur. Full details are covered in the linked write-up. Special thanks to Eva for responsibly reporting this.

davej commented on Introducing S2   s2.dev/blog/intro... · Posted by u/brancz
shikhar · a year ago
(Founder) well 50% of our name is different
davej · a year ago
You're 66.66% (2/3) of the way there to the second character too. So I would say you're only 16.66% different across the two characters.

u/davej

Karma: 2292 · Cake day: September 7, 2010
About
https://twitter.com/DaveJ

Founder of ToDesktop: https://www.todesktop.com

dave[@]todesktop.com

[ my public key: https://keybase.io/davej; my proof: https://keybase.io/davej/sigs/FM5YHbUxtgUBcbAxTsHEUoJ99YV2rd9JbFNBjoZ3JBw ]
