Readit News
gawa commented on Imagen 4 is now generally available   developers.googleblog.com... · Posted by u/meetpateltech
gawa · 12 days ago
The webcomic is awful. It feels off, the characters look very fake, unsettling in the way they communicate. The prompt is shown below the image, but for me the result looks closer to a prompt "Create lifeless characters reciting marketing slop. They must fake an over-exaggerated excitement but it should be clear they don't believe in what they're saying and have no souls".

Also, the prompt specifically asks "Panel 4 should show the cat and dog high-fiving" but the cat is high-fiving ... the cat. Personally I find this hallucinated plot twist good, it makes the ending a bit better. Although technically this is demonstrating a failure of the tool to follow the instructions from the prompt. Interesting choice of example for an official announcement.

gawa commented on LLM Inevitabilism   tomrenner.com/posts/llm-i... · Posted by u/SwoopsFromAbove
seunosewa · a month ago
The true reason was to have a new untainted brand after the election scandal.
gawa · a month ago
Because the strategy of changing brand after a scandal works so well, it's good to add some precision here, for those who may not know: Facebook changed its name to Meta after a huge public backlash, the Cambridge Analytica scandal [0]

What was once a scandal in 2018 became commonplace. In 2018, targeting citizens with tailored messages to influence them was considered wrong. We had a different conception of "How we should make up our minds to choose our leaders" (it's still the case in some parts of Western Europe, where there are more regulations regarding elections, such as a ceiling for how much candidates can spend in marketing campaigns). Nowadays, we have Elon Musk directly involved in politics, who incidentally happens to possess all the data he bought with Twitter, and now tons of sensitive data he rushed to harness from government agencies during his short time in DOGE. Since he didn't shy away from directly paying people to vote for his candidates, it's hard to believe he would have the ethical restraint to not use this data and his social network to organize extremely precise and effective targeted manipulation campaigns to further his personal agenda.

Unfortunately, the unchecked (unregulated) use of personal data for massive manipulation is considered "inevitable" (it has been for decades). So much that we now comment about the word "inevitability" itself, and whether LLMs are "inevitably good at coding", completely brushing aside the most important, the main social issues LLMs can cause, such as: their biases (reinforcing fake news, or stereotypes), who trains the model, what ads they will show in the near future, how they will be used for influencing people, how they will be used in drones, which humans in the loop, what guardrails, for whose interest, how will it be used in troll farms, how is it compatible with democracy, how (or if) the economic gains of this technology will be redistributed, ...

[0] https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Ana...

gawa commented on Bypassing GitHub Actions policies in the dumbest way possible   blog.yossarian.net/2025/0... · Posted by u/woodruffw
hk1337 · 3 months ago
This is why I avoid using non-official actions where possible and always set a version for the action.

We had a contractor that used some random action to ssh files to the server and referenced master as the version to boot. First, ssh isn't that difficult to upload files and run commands but the action owner could easily add code to save private keys and information to another server.

I am a bit confused on the "bypass" though. Wouldn't the adversary need push access to the repository to edit the workflow file? So, the portion that needs hardening is ensuring the wrong people do not have access to push files to the repository?

On public repositories I could see this being an issue if they do it in a section of the workflow that is run when a PR is created. Private repositories, you should take care with who you give access.

gawa · 3 months ago
> This is why I avoid using non-official actions where possible and always set a version for the action.

Those are good practices. I would add that pinning the version (tag) is not enough, as we learnt with the tj-actions/changed-files event. We should pin the commit SHA [0]. GitHub states this in their official documentation [1] as well:

> Pin actions to a full length commit SHA

> Pin actions to a tag only if you trust the creator

[0] https://www.stepsecurity.io/blog/harden-runner-detection-tj-...

[1] https://docs.github.com/en/actions/security-for-github-actio...
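
The pinning rule quoted in the comment above can be checked mechanically. This is an added example, not code from the thread or from GitHub: a stdlib-only Python check that flags `uses:` references not pinned to a full-length commit SHA. The workflow text, the `example-org` actions and the 40-character SHA are constructed sample values, and treating a `docker://` reference with a `@sha256:` digest as pinned is an assumption of this example.

```python
import re

# Captures the value of a `uses:` key (step action or reusable workflow).
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def classify(target: str) -> str:
    """Return 'local', 'pinned' or 'unpinned' for one `uses:` value."""
    if target.startswith("./"):
        return "local"  # action stored in the same repository
    if target.startswith("docker://"):
        # Assumption of this example: an image digest counts as pinned.
        return "pinned" if "@sha256:" in target else "unpinned"
    _, sep, ref = target.partition("@")
    # Tags, branches and abbreviated SHAs can all be moved or be ambiguous;
    # only a full-length commit SHA is accepted.
    if sep and FULL_SHA_RE.match(ref.lower()):
        return "pinned"
    return "unpinned"

def audit(workflow_text: str):
    """Return (line number, reference) for every unpinned `uses:` clause."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if m and classify(m.group(1)) == "unpinned":
            findings.append((lineno, m.group(1)))
    return findings

# Constructed workflow for illustration only.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/upload@master
      - uses: example-org/lint@0123456789abcdef0123456789abcdef01234567  # v1.2.3
      - uses: example-org/scan@0123456
      - uses: ./.github/actions/local
      - name: container step
        uses: docker://alpine:3.20
"""

if __name__ == "__main__":
    for lineno, ref in audit(SAMPLE):
        print(f"line {lineno}: not pinned to a full-length commit SHA: {ref}")
```
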

gawa commented on Bypassing GitHub Actions policies in the dumbest way possible   blog.yossarian.net/2025/0... · Posted by u/woodruffw
woodruffw · 3 months ago
I think a salient difference is that apt policies apply to apt, which GitHub goes to extents to document GitHub Actions policies as applying to `uses:` clauses writ large.

(But also: in a structural sense, if a system did have `apt` policies that were intended to prevent dependency introduction, then such a system should prevent that kind of bypass. That doesn't mean that the bypass is life-or-death, but it's a matter of hygiene and misuse prevention.)

gawa · 3 months ago
> which GitHub goes to extents to document GitHub Actions policies as applying to `uses:` clauses

If it were phrased like this then you would be right. The docs would give a false sense of security, would be misleading. So I went to check, but I didn't find such an assertion in the linked docs (please let me know if I missed it) [0]

So I agree with the commenter above (and GitHub) that "editing the github action to add steps to download a script and running" is not a fundamental flaw of this system designed to do exactly that, to run commands as instructed by the user.

Overall we should always ask ourselves: what's the threat model here? If anyone can edit the GitHub Action, then we can make it do a lot of things, and this "Github Action Policy" filter toggle is the last of our worries. The only way to make the CI/CD pipeline secure (especially since the CD part usually has access to the outside world) is to prevent people from editing and running anything they want in it. It means preventing the access of users to the repository itself in the case of GitHub Actions.

[0] https://blog.yossarian.net/2025/06/11/github-actions-policie...

gawa commented on A critical look at NetBSD’s installer   eerielinux.wordpress.com/... · Posted by u/jaypatelani
topsecret · 3 months ago
The installer was run in a VM, so presumably that's how screenshots were taken.

> Both installations will be in VMs just for the sake of convenience.

gawa · 3 months ago
That's what I understood as well. Also, the author mentions:

> The installation succeeded, but the system would panic during boot. *Bhyve is more of a niche thing and not among the hypervisors supported by NetBSD*, [...]

I am guessing what he meant was rather "the support of NetBSD (as a guest OS) by the hypervisor Bhyve", because Bhyve is a hypervisor running on FreeBSD. Given the other posts on the blog, it would not be surprising if the author was daily driving FreeBSD while doing this experiment, and Bhyve is well maintained and probably the best fit in the BSD world for this. I don't even know if OpenBSD's vmm can virtualize something else than OpenBSD.

From https://wiki.freebsd.org/bhyve :

> Q: What VM operating systems does bhyve support?

> A: bhyve supports any version of FreeBSD i386/amd64. OpenBSD, NetBSD, illumos and GNU/Linux are supported using the UEFI and the sysutils/grub2-bhyve port.

gawa commented on The Future of Comments Is Lies, I Guess   aphyr.com/posts/388-the-f... · Posted by u/zdw
atan2 · 3 months ago
"Unavailable Due to the UK Online Safety Act"
gawa · 3 months ago
The author wrote another blog post "Geoblocking the UK with Debian & Nginx"[0]. It's a short tutorial to do exactly as the title says, so it looks like the author did apply this configuration and intentionally wants to geoblock the UK for compliance reasons, or maybe as a statement. The blog post has a link to https://geoblockthe.uk

[0] https://aphyr.com/posts/379-geoblocking-the-uk-with-debian-n...

gawa commented on AI Is Like a Crappy Consultant   lukekanies.com/writing/ai... · Posted by u/gpi
lreeves · 3 months ago
Using Aider with o3 in architect mode, with Gemini or with Sonnet (in that order) is light years ahead of any of the IDE AI integrations. I highly recommend anyone who's interested in AI coding to use Aider with paid models. It is a night and day difference.
gawa · 3 months ago
With aider and Gemini Pro 2.5 at least I constantly have to fight against it to keep it focused on a small task. It keeps editing other parts of the file, doing small "improvements" and "optimizations" and commenting here and there. To the point where I'm considering switching to a graphical IDE where the interface would make it easier to accept or dismiss parts of changes (per lines/blocks, as opposed to a per file and per commit approach with aider).

Would you mind sharing more about your workflow with aider? Have you tried the `--watch-files` option? [0] What makes the architect mode [1] way better in your experience?

[0] https://aider.chat/docs/usage/watch.html

[1] https://aider.chat/docs/usage/modes.html#architect-mode-and-...

gawa commented on Welcome to Ladybird, a truly independent web browser   github.com/LadybirdBrowse... · Posted by u/goplayoutside
samiv · 6 months ago
I applaud the effort but seriously though I just wonder...

For reference, Chromium (and therefore Chrome) is a monster of a project and has at this point probably over 10 million lines of code and has taken +20 years to develop with thousands of developers involved.

I can only conclude that:

   a) the modern WEB is so complicated that this is the minimum required level of complexity to run and render modern WEB safely

   b) chromium is extravagantly over engineered and the actual amount of complexity and code needed to run and render modern WEB is actually much less

   c) Ladybird is actually not targeting the same features but some "suitable" subset of features.

If the answer is A) how does the small team working on Ladybird think they can actually pull this off? Are they all 10000x developers?

Or maybe the answer really is C thus making this a toy/hobby project?

One could of course then hope that the answer is b) but somehow I don't feel like it is.

gawa · 6 months ago
Regarding A, I found this blogpost from 2020 interesting to get some sense of scale : https://drewdevault.com/2020/03/18/Reckless-limitless-scope....

As for C, the "suitable" subset really depends on what we expect from a browser. In my experience, I was forced to use a Chrome-based browser only for work, mostly because of Google web apps (Google Cloud and Google Meet come to mind). For browsing the small web, I'm sure smaller browsers can work well. I tried some, but was usually put off because of the lack of adblockers, and I also quickly miss the element picker zapper feature of the ublock origin extension.

gawa commented on Delta: A syntax-highlighting pager for Git, diff, grep, and blame output   github.com/dandavison/del... · Posted by u/nateb2022
dietr1ch · 10 months ago
If you are getting to check out bat, you might want to check,

- rg (ripgrep): A grep replacement

- sk (skim): A grep/fzf/fzy replacement

- fd: A find replacement that's .gitignore+.ignore aware.

- eza: A replacement for ls that's git aware

- broot: A TUI file finder to browse large directories

- yazi: A file manager (I haven't used this one too much)

sk+rg + gawk in action to find files matching some text,

            sk \
              --ansi \
              --interactive \
              --cmd 'rg --color=always --line-number "{}"' --preview 'bat --color=always $(echo {} | gawk -F: "{print \$1}") --highlight-line $(echo {} | gawk -F: "{print \$2}")' \
            | gawk \
                -F: \
                '{print $1}'

gawa · 10 months ago
> eza: A replacement for ls that's git aware

I've been using eza (and exa before it) for a long time, but only for the pretty and colored output. I didn't even know about the git support! I now added the --git flag to my alias and will try it out. Thank you!

gawa commented on Fedora KDE Desktop Spin Promoted to Same Tier as Gnome-Based Fedora Workstation   phoronix.com/news/Fedora-... · Posted by u/binkHN
kwanbix · 10 months ago
What I understand is that people that use multiple desktops do so because they might have 2 apps not fully maximized in desktop 1, another 3 in desktop 2, etc. But for me, I have maximized apps 99.9% of the time, so I can not see an advantage on alt-tab to another app vs shift-alt-tab (or whatever the option) to switch desktops. Or am I missing something here?
gawa · 10 months ago
In the desktop-centric organization, many people also have 1 app per workspace most of the time (I think). In a tiling WM, the app will take the full screen estate if it's alone there, so it's also maximized.

The difference with alt+tab is that switching to another workspace (which represents a window if the workspace has only one app) is deterministic, given the right keybindings setup and if we have some habits regarding the placing of windows.

So 99% of the time I have the same placement of windows in workspaces. At the very least my main Firefox on desktop 1, Code Editor on desktop 2, a terminal (related to my coding task) on desktop 3, and then things get more "dynamic", maybe some extra term or other stuff I may need for my task on desktop 4, 5, ... With the bindings Super+<number> (number row on top of the keyboard), I jump directly to my workspaces (windows). With my left hand I hit Super+1 and it will always show Firefox, Super+2 vim, etc...

I prefer it to cycling through alt+tab, hitting Tab multiple times until I find my window. Here's an example of a flow I was doing just earlier today:

win+2 (editor) : I edit code

win+3 (term1) : run command to build or run tests or deploy...

win+1 (firefox) : refresh the app I just built, click somewhere, test...

win+3 (term1) : see that the build actually failed

win+4 (term2) : check a quick solution in another term, use a CLI tool, do some tests in a repl...

win+2 (editor) : fix code

win+3 (term1) : build

win+1 (firefox) : refresh, prepare the page (input some text or something, ready to click a button)

win+3 (term1) : check if build finished

win+1 (firefox) : click the page button to test my change

The idea is that each time I switch to a different desktop/window, I just go there directly, without thinking, as I know where they are. The example I gave is the natural way I use my computer (with i3 or dwm, but can be configured with KDE, Cinnamon...), so it's not a far-fetched example at all (in my case). Switching back and forth is extremely fast that way. A long time ago, a colleague even told me I was a bit hard to follow when in pair programming sessions so now I try to slow down a bit. With Alt+Tab it's not as smooth, as we'd have to cycle through 4 windows. With the default implementation of most alt+tab out there, it's the opposite of deterministic, there's some logic (that I never fully understood) to go back to the windows in the order of last used/focused windows. But I know that in KDE at least it's possible to configure the behavior of alt+tab to make it loop in a "dumb" predictive way (1->2->3->4->1->2...), so in the end, it's again just a matter of personal preference.

If the bindings were less optimized (shift+alt+<number> or something) it would get uncomfortable to use. I use the Super modifier ("Windows logo" key) as the basis for all shortcuts related to my WM, so it doesn't conflict with the shortcuts reserved by the apps themselves (apps may interpret the modifiers Alt, Option, Shift, but not Super). It's a bit of finger-stretching to reach desktops higher than 5 on the number row, and at some point I need my right hand, but it works fine for me.

You're also correct that workspaces allow for more windows (very useful the 1% of the time I need it), and in that regard a workspaces organization is not comparable to an alt+tab based flow.

u/gawa

Karma: 137 · Cake day: June 27, 2011