Readit News logoReadit News
gazereth commented on The Pain That Is GitHub Actions   feldera.com/blog/the-pain... · Posted by u/qianli_cs
hn_throwaway_99 · a year ago
> A few days ago, someone compromised a popular GitHub Action. The response? "Just pin your dependencies to a hash." Except as comments also pointed out, almost no one does.

I used GitHub actions when building a fin services app, so I absolutely used the hash to specify Action dependencies.

I agree that this should be the default, or even the required, way to pull in Action dependencies, but saying "almost no one does" is a pretty lame excuse when talking about your own risk. What other people do has no bearing on your options here.

Pin to hashes when pulling in Actions - it's much, much safer

gazereth · a year ago
Pinning dependencies is trading one problem for another.

Yes, your builds will work as expected for a stretch of time, but that period will come to an end, eventually.

Then one day you will be forced to update those pinned dependencies and you might find yourself having to upgrade through several major versions, with breaking changes and knock-on effects to the rest of your pipelines.

Allowing rolling updates to dependencies helps keep these maintenance tasks small and manageable across the lifetime of the software.

gazereth commented on Cursor told me I should learn coding instead of asking it to generate it   forum.cursor.com/t/cursor... · Posted by u/nomilk
datadeft · a year ago
The biggest problem what I have with using AI for software engineering is that it is absolutely amazing for generating the skeleton of your code, boilerplate really and it sucks for anything creative. I have tried to use the reasoning models as well but all of them give you subpar solutions when it comes to handling a creative challenge.

For example: what would be the best strategy to download 1000s of URLs using async in Rust. It gives you ok solutions but the final solution came from the Rust forum (the answer was written 1 year ago) which I assume made its way into the model.

There is also the verbosity problem. Calude without the concise flag on generates roughly 10x the required amount of code to solve a problem.

Maybe I am prompting incorrectly and somehow I could get the right answers from these models but at this stage I use these as a boilerplate generator and the actual creative problem solving remains on the human side.

gazereth · a year ago
Personally I've found that you need to define the strategy yourself, or in a separate prompt, and then use a chain-of-thought approach to get to a good solution. Using the example you gave:

  Hey Chat,
  Write me some basic rust code to download a url. I'd like  to pass the url as an string argument to the file
Then test it and expand:

  Hey Chat,
  I'd like to pass a list of urls to this script and fetch them one by one. Can you update the code to accept a list of urls from a file?
Test and expand, and offer some words of encouragement:

  Great work chat, you're really in the zone today!

  The downloads are taking a bit too long, can you change the code so the downloads are asynchronous. Use the native/library/some-other-pattern for the async parts.
Test and expand...

gazereth commented on Scramble: Open-Source Alternative to Grammarly   github.com/zlwaterfield/s... · Posted by u/zlwaterfield
kylebenzle · a year ago
Without marketing speak can I ask why anyone would have a need for a service like grammerly, I always thought it was odd trying to sell a subscription based spell checker (AI is just a REALLY good spell checker).
gazereth · a year ago
Non-native speakers find it useful since it doesn't just fix spelling but also fixes correctness, directness, tone and tense. It gives you an indication of how your writing comes across, e.g. friendly, aggressive, assertive, polite.

English can be a very nuanced language - easy to learn, difficult to master. Grammarly helps with that.

g

u/gazereth

KarmaCake day25February 27, 2024View Original