Readit News logoReadit News
peacebeard commented on Malicious versions of Nx and some supporting plugins were published   github.com/nrwl/nx/securi... · Posted by u/longcat
inbx0 · 16 hours ago
Periodic reminder to disable npm install scripts.

    npm config set ignore-scripts true [--global]
It's easy to do both at project level and globally, and these days there are quite few legit packages that don't work without them. For those that don't, you can create a separate installation script to your project that cds into that folder and runs their install-script.

I know this isn't a silver bullet solution to supply chain attakcs, but, so far it has been effective against many attacks through npm.

https://docs.npmjs.com/cli/v8/commands/npm-config

peacebeard · 6 hours ago
Looks like pnpm 10 does not run lifecycle scripts of dependencies unless they are listed in ‘onlyBuiltDependencies’.

Source: https://pnpm.io/settings#ignoredepscripts

peacebeard commented on We keep reinventing CSS, but styling was never the problem   denodell.com/blog/we-keep... · Posted by u/speckx
const_cast · 15 days ago
Its not the GUI developers fault usually, it's the platform's fault.

Nobody can decide on standards because everyone is greedy. Microsoft has, like, a dozen GUI platforms and they're all Windows-only. Apple doesn't even use an off the shelf rendering API. And android is... Well, android.

Sure, I would like to use the OS provided controls. And then maybe after that we can all hold hands and sing Kumbaya.

peacebeard · 14 days ago
Furthermore, part of the unspoken role of the platform is showing off your brand’s personality with your flashy custom UI. For many, using standard components would be missing the point. Part of the product is the vibes and the website conveys the vibes.
peacebeard commented on AI overviews cause massive drop in search clicks   arstechnica.com/ai/2025/0... · Posted by u/jonbaer
ghushn3 · a month ago
I subscribe to Kagi. It's been worth it to have no ads and the ability to uprank/downrank sites.

And there's no AI garbage sitting in the top of the engine.

peacebeard · a month ago
Thanks for the suggestion. I try nonstandard search engines now and then and maybe this one will stick. Google certainly is trying their best to encourage me.
peacebeard commented on Nightmares Linked to Faster Ageing and Premature Mortality   emjreviews.com/neurology/... · Posted by u/gnabgib
lqet · 2 months ago
Before I had children, I regularly had nightmares in which I felt an incredible, consuming guilt. Usually the dream started quite normal, and suddenly I "remembered" in the dream that I had killed many, many people in the past and that I had just suppressed this memory for years. The rest of the dream was then usually spent in agony because of the guilt, or in disbelief that the police still hadn't found me. Sometimes some investigator suspected me, and I had to flee from the police or invent alibis.

The dreams stopped right around when my first child was born. Never had them since.

peacebeard · 2 months ago
Did your family or other community ever make you feel guilty for not having kids?
peacebeard commented on The cultural decline of literary fiction   oyyy.substack.com/p/the-c... · Posted by u/libraryofbabel
gherkinnn · 2 months ago
I find the culture war to exist primarily in the minds of the terminally online.
peacebeard · 2 months ago
Maybe if you include "terminally watching the news on TV". But either way, it's a lot of people.
peacebeard commented on The cultural decline of literary fiction   oyyy.substack.com/p/the-c... · Posted by u/libraryofbabel
TimorousBestie · 2 months ago
While I disagree that “the publishers went woke” is a salient reason (or even true in any real sense), I give the essay props for resisting the urge to reduce a very complicated problem down to a single causal factor.
peacebeard · 2 months ago
Some better versions of this take might be “In the culture war many people are only willing to consume media that perfectly signals their virtues, so even innocuous content can seem antagonistic.” or “Our culture changed and I don’t like it anymore, get off my lawn.”
peacebeard commented on Is there a half-life for the success rates of AI agents?   tobyord.com/writing/half-... · Posted by u/EvgeniyZh
alganet · 2 months ago
> People are not usually being too specific about what they were trying to do. The same goes for a lot of programming discussion of course.

In programming, I already have a very good tool to follow specific steps: _the programming language_. It is designed to run algorithms. If I need to be specific, that's the tool to use. It does exactly what I ask it to do. When it fails, it's my fault.

Some humans require algorithmic-like instructions too. Like cooking a recipe. However, those instructions can be very vague and a lot of humans can still follow it.

LLMs stand on this weird place where we don't have a clue in which occasions we can be vague or not. Sometimes you can be vague, sometimes you can't. Sometimes high level steps are enough, sometimes you need fine-grained instructions. It's basically trial and error.

Can you really blame someone for not being specific enough in a system that only provides you with a text box that offers anthropomorphic conversation? I'd say no, you can't.

If you want to talk about how specific you need to prompt an LLM, there must be a well-defined treshold. The other option is "whatever you can expect from a human".

Most discussions seem to juggle between those two. LLMs are praised when they accept vague instructions, but the user is blamed when they fail. Very convenient.

peacebeard · 2 months ago
I am not saying that people were not specific in their instructions to the LLM, but rather that in the discussion they are not sharing specific details of their success stories or failures. We are left seeing lots of people saying "it worked for me" and "it didn't work for me" without enough information to assess what was different in those cases. What I'm contending is that the essential differences in the challenges they are facing may be a primary factor, while these discussions tend to focus on the capabilities of the LLM and the user.
peacebeard commented on Is there a half-life for the success rates of AI agents?   tobyord.com/writing/half-... · Posted by u/EvgeniyZh
mikeocool · 2 months ago
This very much aligns with my experience — I had a case yesterday where opus was trying to do something with a library, and it encountered a build error. Rather than fix the error, it decided to switch to another library. It then encountered another error and decided to switch back to the first library.

I don’t think I’ve encountered a case where I’ve just let the LLM churn for more than a few minutes and gotten a good result. If it doesn’t solve an issue on the first or second pass, it seems to rapidly start making things up, make totally unrelated changes claiming they’ll fix the issue, or trying the same thing over and over.

peacebeard · 2 months ago
Very common to see in comments some people saying “it can’t do that” and others saying “here is how I make it work.” Maybe there is a knack to it, sure, but I’m inclined to say the difference between the problems people are trying to use it on may explain a lot of the difference as well. People are not usually being too specific about what they were trying to do. The same goes for a lot of programming discussion of course.
peacebeard commented on Ask HN: Anyone struggling to get value out of coding LLMs?    · Posted by u/bjackman
gyomu · 3 months ago
There are two kinds of engineers.

Those who can’t stop raving about how much of a superpower LLMs are for coding, how it’s made them 100x more productive, and is unlocking things they could’ve never done before.

And those who, like you, find it to be an extremely finicky process that requires extreme amount of coddling to get average results at best.

The only thing I don’t understand is why people from the former group aren’t all utterly dominating the market and obliterating their competitors with their revolutionary products and blazing fast iteration speed.

peacebeard · 3 months ago
I don’t fit in either category. My experience is that LLMs are good at writing code that is easy to write. This is not game-changing, but it is useful.
peacebeard commented on In 3.5 years, Notepad.exe goes from "barely maintained" to "it writes for you"   arstechnica.com/gadgets/2... · Posted by u/CharlesW
peacebeard · 3 months ago
“Barely maintained” is a rude way to say mature, stable, and functionally complete.
p

u/peacebeard

KarmaCake day39June 9, 2023View Original