nilshauk (u/nilshauk)

nilshauk commented on Web Environment Integrity has no standing at W3C; understanding new W3C work w3.org/blog/2023/web-envi... · Posted by u/TangerineDream

nilshauk · 2 years ago

Ok so Google ignores W3C on WEI.

But could someone else create a W3C proposal that could counteract WEI? It wouldn't have to implementation-specific but rather one or more principles drawing a line in the sand that shouldn't be crossed like what WEI is built to achieve?

nilshauk commented on GitHub Copilot investigation githubcopilotinvestigatio... · Posted by u/john-doe

i_like_apis · 3 years ago

Foolish take. If ML training is not fair use then all ML progress is dead in the water.

ML training is akin to reading or learning, and licenses do not apply to that.

You’re not thinking past “megacorp = bad”.

nilshauk · 3 years ago

AI progress won't be dead in the water if it respects copyright laws. Yes, being free to just freely grab any data is infinitely easier. But having to rely on properly licensed datasets or asking users for consent should be the norm for ML development IMHO.

Also, If we had trained some A.I. on the Windows codebase and started freely using suggestions given by it I bet Microsoft would scream copyright infringement in a heartbeat.

nilshauk commented on GitHub Copilot investigation githubcopilotinvestigatio... · Posted by u/john-doe

nilshauk · 3 years ago

So happy to learn of this and I wish them best of luck in their efforts. And I'm surprised to find so many people klinging to Copilot.

We shouldn't shed any tears for a megacorporation which shows such blatant disregard for the licensed works of people's labour.

Yes, AI is here to stay but we should be able to build AI that respects copyright. Yes, it's easier to just steal data and call it fair use. Whether or not that's stealing will be interesting to try in court.

nilshauk commented on The PocketReform is a made-in-Berlin Linux handheld tuxphones.com/mnt-pocketr... · Posted by u/sohkamyung

nilshauk · 3 years ago

I love that they included an ortholinear keyboard and open schematics. Definitely keeping my eyes on this.

nilshauk commented on Ask HN: Is anyone else glad the crypto market is crashing? · Posted by u/blueberrychpstx

nilshauk · 3 years ago

I’m not happy about people losing money.

However, I’m happy if this means money will be invested in innovation towards saving the planet, rather than finding new ways to burn resources with proof-of-work-based crypto.

nilshauk commented on Innovating beyond libraries and frameworks nilsnh.no/2022/04/09/inno... · Posted by u/firstSpeaker

ThinkBeat · 3 years ago

On my friend's computer netlife throws up a WoT warning. (it is mentioned in the article as where the auhtor is CTO)

>"This website has poor reputation according to Web of Trust. >www.netlife.com >Users have identified the following issues: Spam

I dont think most people here take WoT warnings that seriously but it might be good for the author to be aware of it.

nilshauk · 3 years ago

Wow. Thanks for the headsup! I’ll have to look into this.

nilshauk commented on Innovating beyond libraries and frameworks nilsnh.no/2022/04/09/inno... · Posted by u/firstSpeaker

yobbo · 3 years ago

> "whatever tech you choose you'll have to live with the consequences by owning maintenance and future development."

But this is not in the interest of "architects", "system owners" or "buyers". They want programmers to be replaceable, not stakeholders.

To "architects", frameworks/libraries make programmers replaceable, and programmers need frameworks/libraries to be marketable.

nilshauk · 3 years ago

Yeah that makes sense. And “nobody got fired for picking technology X from large company Y”, there’s also that type of thinking.

nilshauk commented on Innovating beyond libraries and frameworks nilsnh.no/2022/04/09/inno... · Posted by u/firstSpeaker

shadowgovt · 3 years ago

> Codebases that lag behind on updates can become vulnerable to security exploits

This is an excellent point, but I think it's always worth considering that the tradeoff isn't between third-party security vulnerabilities and no vulnerabilities; it's between third-party security vulnerabilities and first-party security vulnerabilities.

It's up to your team to decide if you have the capabilities in-house to deal with those. If not, trusting to the wisdom of crowds may often be a better solution. (At the very least, if you're rolling your own crypto solution and not publishing it, take a strong look at why you're doing that and be very sure you aren't falling victim to smartest-kids-in-the-room syndrome).

nilshauk · 3 years ago

Very much agree. Though there’s a line between implementing cryptographic algorithms yourself vs. implementing cookie based authentication.

Cryptography is something I’d leave to standard libraries. However, when it comes to authentication it might not be that hard to implement some cookie or token logic as long as the actual cryptography is handled by some well tested library.

nilshauk commented on Innovating beyond libraries and frameworks nilsnh.no/2022/04/09/inno... · Posted by u/firstSpeaker

JonChesterfield · 3 years ago

I was hoping the "beyond" would be along the lines of domain specific languages. It wasn't, and I can't follow the article's conclusion.

Library vs framework vs DIY seems domain specific.

If your thing has been built so often already that much of the logic can be factored out into a framework, great - may as well use that. Unit testing also works well as structure you plug tests into.

If parts of your thing occur elsewhere but the overall structure doesn't, probably want libraries for the common parts. Equally use libraries for when the frameworks that fit don't look good enough.

If you can't find an adequate library, DIY time.

Write your own language seems difficult to justify economically but I really like the domain/language fit you can get out of it.

nilshauk · 3 years ago

I don't think my article shuts the door on domain specific languages even though it doesn't offer it as an answer. It could be an answer. By relying a bit less on frameworks and writing more code ourselves we have the chance to make our code fit the domain we're working with better. For now I wanted to wrestle a bit with the idea of always pulling in frameworks to do things.

> If your thing has been built so often already that much of the logic can be factored out into a framework, great - may as well use that

I agree, though that often comes with some costs and tradeoffs like I tried to outline in the article.

nilshauk commented on Innovating beyond libraries and frameworks nilsnh.no/2022/04/09/inno... · Posted by u/firstSpeaker

xnorswap · 3 years ago

If we've done that it's because overnight we realised we needed 10 billion fish and only had a handful of people currently able to fish.

Mass mobilisation of people able to catch fish has enabled businesses to join the digital landscape.

It may be true that we've not taught people in a way that's best for their long-term prospects, but had the computer science industry taken the approach of other engineering, nursing or even accounting, with strict legislated terms and certificates, and exam boards controlling quota of people able to go into computing, then perhaps it would be an ivory tower of well built and engineered software.

But it would also have risked leaving most businesses behind and things wouldn't have accelerated nearly as fast.

nilshauk · 3 years ago

That's true we might not have been able to mobilize so much productivity so quickly for business without throwing frameworks at the problem. However, I think also a lot of effort might have been wasted by reinventing wheels and rewriting application many times over because some framework or language fell out of fashion and hiring for it became difficult.