paulhodge commented on AI agent opens a PR write a blogpost to shames the maintainer who closes it   github.com/matplotlib/mat... · Posted by u/wrxd
paulhodge · a month ago
AI enhances human ability. In this case, it enhanced someone’s ability to be an asshole.
paulhodge commented on Rob Pike goes nuclear over GenAI   skyview.social/?url=https... · Posted by u/christoph-heiss
paulhodge · 3 months ago
No you’re just deflecting his points with an ad hominem argument. Stop pretending to assume what he ‘truly feels’.
paulhodge commented on After the AI boom: what might we be left with?   blog.robbowley.net/2025/1... · Posted by u/imasl42
paulhodge · 5 months ago
AI is too useful to fail. Worst case with a bust is that startup investment dries up and we have a 'winter' of delayed improvement. But people aren't going to stop using the models we have today.
paulhodge commented on LLMs are mortally terrified of exceptions   twitter.com/karpathy/stat... · Posted by u/nought
paulhodge · 5 months ago
Agree that LLMs go too far on error catching.

BUT, to play devil's advocate a little: Most human coders should be writing a lot more try/catch blocks than they actually do. It's very common that you don't actually want an error in one section (however unlikely) to interrupt the overall operation. (and sometimes you do, it just depends)

paulhodge commented on Show HN: I'm building a browser for reverse engineers   nullpt.rs/reverse-enginee... · Posted by u/nullpt_rs
paulhodge · 5 months ago
Neat investigation but I didn’t totally follow how the project would be useful for reverse engineering, it seems like a project that would mostly be useful for evading bot checks like web scraping or AI automation.
paulhodge commented on Vibe coding cleanup as a service   donado.co/en/articles/202... · Posted by u/sjdonado
paulhodge · 6 months ago
I think this prediction of "vibe code cleanup" is massively overblown. It's amazing how much code quality doesn't actually matter to the business. Yes we recognize symptoms and downsides of bad code, and yes it matters specifically to the engineers that have to work on it. But only in extreme cases does bad code actually cause an existential threat to the business. The world already runs on bad code.
paulhodge commented on Pnpm has a new setting to stave off supply chain attacks   pnpm.io/blog/releases/10.... · Posted by u/ivanb
dwoldrich · 6 months ago
What benefit does doing that give me that the package-lock.json does not already provide?
paulhodge · 6 months ago
It's kind of tongue-in-cheek, but it would provide the maximum amount of isolation from any upstream package changes. Even if the package versions are removed from NPM (which happens in rare cases), you'd still have a copy.
paulhodge commented on Pnpm has a new setting to stave off supply chain attacks   pnpm.io/blog/releases/10.... · Posted by u/ivanb
cluckindan · 6 months ago
No, the "vulnerability" here is npm unilaterally allowing postinstall scripts, which are then used as an entry point for malware.

Of course, the malware could just embed itself as an IIFE and get launched when the package is loaded, so disallowing postinstall is not really a security solution.

paulhodge · 6 months ago
Pnpm 10.x also has a feature to disallow post-install scripts by default. When using Pnpm you have to specifically enable a dependency to let it run its post-install scripts. It's a great feature that should be the standard.

Yes if someone compromises a package then they can also inject malicious code that will trigger at runtime.

But the thing about the recent NPM supply chain attack - it happened really quickly. There was a chain reaction of packages that got compromised which led to more authors getting compromised. And I think a big reason why it moved so quickly was because of post-install scripts. If the attack happened more slowly, then the community would have more time to react and block the compromised packages. So just slowing down an attack is valuable on its own.

paulhodge commented on Pnpm has a new setting to stave off supply chain attacks   pnpm.io/blog/releases/10.... · Posted by u/ivanb
sedatk · 6 months ago
It's all good until the day comes that one dependency breaks compatibility and drops support for the version you have, and now you have days of dependency resolution work ahead of you because you've never bothered for years. Usually, incremental and timely upgrades reduce that kind of friction.
paulhodge · 6 months ago
Solution: add your entire 'node_modules' folder to source control.
