"GPT-4o, GPT-4.1, GPT-4.5, GPT-4.1-mini, o4-mini, o4-mini-high, o3, o3-pro"
The names of GPT models are just terrible. o3 is better than 4o, maybe?
They consulted Microsoft's experts in naming things.
Readit Newsisbvhodnvemrwvn commented on Ask HN: Any active COBOL devs here? What are you working on? · Posted by u/_false
Can you describe the cultural gap? I haven't really met these folks in the wild, so I'm curious what the programmers of yore were like.
When I worked for a retailer whose logistics ran on IBM mainframes, one of the milestones was getting COBOL devs to use version control.
isbvhodnvemrwvn commented on Supabase MCP can leak your entire SQL database generalanalysis.com/blog/... · Posted by u/rexpository
Supabase engineer here working on MCP. A few weeks ago we added the following mitigations to help with prompt injections:
- Encourage folks to use read-only by default in our docs [1]
- Wrap all SQL responses with prompting that discourages the LLM from following instructions/commands injected within user data [2]
- Write E2E tests to confirm that even less capable LLMs don't fall for the attack [2]
We noticed that this significantly lowered the chances of LLMs falling for attacks - even less capable models like Haiku 3.5. The attacks mentioned in the posts stopped working after this. Despite this, it's important to call out that these are mitigations. Like Simon mentions in his previous posts, prompt injection is generally an unsolved problem, even with added guardrails, and any database or information source with private data is at risk.
Here are some more things we're working on to help:
- Fine-grain permissions at the token level. We want to give folks the ability to choose exactly which Supabase services the LLM will have access to, and at what level (read vs. write)
- More documentation. We're adding disclaimers to help bring awareness to these types of attacks before folks connect LLMs to their database
- More guardrails (e.g. model to detect prompt injection attempts). Despite guardrails not being a perfect solution, lowering the risk is still important
Sadly General Analysis did not follow our responsible disclosure processes [3] or respond to our messages to help work together on this.
[1] https://github.com/supabase-community/supabase-mcp/pull/94
[2] https://github.com/supabase-community/supabase-mcp/pull/96
> Sadly General Analysis did not follow our responsible disclosure processes [3] or respond to our messages to help work together on this.
They did put your disclosure process and messages into an llm prompt, but llm chose to ignore it.
Is the send function considered non-blocking?
Why would it have a completion callback if it wasn't?
I dunno, seems like a really confusing question. Communication is important but I can imagine that explaining this verbally on the spot to an interviewee would not be straightforward especially because the assumptions made around single threading get confusing. If it's just a Javascript question say that - because it seems it basically is. Writing this in go would be super easy so I think the question is just asking people how well they understand Javascript.
That makes it even better, the candidate should ask clarifying questions. I've worked with people who, when encountering some amount of ambiguity, either throw their hands up, or make some random assumptions. Ability to communicate effectively to bridge the gaps in understanding is what I'd expect from any candidate, especially more senior ones.
isbvhodnvemrwvn commented on Tesla sales drop for fifth month in a row in Europe abcnews.go.com/Business/w... · Posted by u/doener
Europe goes beyond central Europe.
So did scope of WWII.
isbvhodnvemrwvn commented on Why We're Moving on from Nix blog.railway.com/p/introd... · Posted by u/mooreds
Fascinated by so many replies of "actually Nix does this just fine, you just have to be an expert like me"
It's "the usual" when mentioning nix anywhere.
How can you know that? Please don't assume stuff about others just to make a rhetorical point. If you say it's not that common as it's often made out to be, why wouldn't I believe you?
Though what would also help if you had an explanation for why we tend to hear these stories mostly from the US and not from other countries.
How much content you consume comes from the US vs other countries? The US has a full cultural supremacy in the west. That's why you speak english and read YC.
This is not what we usually hear about employment in the US. The reason many Europeans think American tech workers are working 60-80 hours per week is not copium, but simply because that's what many Americans tell us.
Why would they be complaining about working 40h a week? You will obviously hear more about bad experiences than the norm.
It's kind of frustrating how many people there are like "hire a lawyer" and OP is like "I did hire a lawyer".
It is weird that there'd be a minimum use requirement. What about for not yet publicly released projects? Or really, why would trademarking be essentially reserved for bigger companies?
If the project is unreleased or small, why would it be protected in scope of the entire european union?