perlgeek commented on Security issues with electronic invoices   invoice.secvuln.info/... · Posted by u/todsacerdoti
clickety_clack · 2 days ago
A standard for invoices seems like something that an accounting body should create that is optional for businesses, not something mandatory created by the government. People will generally follow an optional standard to make their own lives easier, but a mandatory one introduces a compliance middleman into the invoicing process.
perlgeek · a day ago
In the EU there is the "reverse charge" mechanism for VAT when commerce crosses country borders, and it is often used for defrauding EU countries / governments.

The invoicing standard is an attempt to mitigate reverse charge fraud by gathering more machine-readable data. Some countries even demand that b2b invoices are sent to the country, which then dispatches a copy to the recipient.

Knowing this background, it's pretty clear why the EU is making it mandatory.

Personally, in the abstract I like the idea to mandate the use of an open standard, I think we have way too many inefficiencies from treating many things as text documents that could be data structures. I don't like this particular standard though, it's bloated and the result of a typical top-down process.

I much prefer it when there are competing standards for a while, and one or a couple of winners emerge on technical merits. THEN I have no objections to a regulatory body picking a standard and mandating it.

perlgeek commented on Why frozen test fixtures are a problem on large projects and how to avoid them   radanskoric.com/articles/... · Posted by u/amalinovic
perlgeek · 5 days ago
For a database-driven application with sqlalchemy, I've found mixer[0] to be pretty helpful. It gives you an easy way to generate an object, and it automatically creates the dummy objects that your object depends on.

You can also supply defaults and name schemes for individual columns.

For business logic, I prefer to have it structured in a way that it doesn't need the database for testing, but loading and searching stuff from the DB also needs to be tested, and for those, mixer strikes a really good balance. You only need to specify the attributes that are relevant for the test, and you don't need shared fixtures between many tests.

[0]: https://pypi.org/project/mixer/

perlgeek commented on The state of Schleswig-Holstein is consistently relying on open source   heise.de/en/news/Goodbye-... · Posted by u/doener
Ylpertnodi · 6 days ago
>Mostly the widespread perception that the USA has betrayed the security guarantees given to Europe, and that the USA isn't a reliable partner anymore.

Mostly the widespread perception that the Trump administration has betrayed the security guarantees given to Europe, and that the USA isn't a reliable partner anymore.

perlgeek · 6 days ago
Hardly a distinction worth making; if the USA votes for such unstable and highly egoistic politicians TWICE, it's quite clear they aren't a reliable partner anymore.

Even if they vote in a sane president next, we cannot rely on them in the long run, because the one after that could be a lunatic again.

perlgeek commented on The state of Schleswig-Holstein is consistently relying on open source   heise.de/en/news/Goodbye-... · Posted by u/doener
Spooky23 · 7 days ago
What is the political element in Germany that makes these very public walk-aways from Microsoft viable?

I’ve run projects for a few different employers to look at doing this. The math doesn’t math unless you can segment your workforce. For example, at one place we had a field workforce that operated dispatch centers and field techs. That was all iOS + Linux or Chrome.

perlgeek · 7 days ago
> What is the political element in Germany that makes these very public walk-aways from Microsoft viable?

Mostly the widespread perception that the USA has betrayed the security guarantees given to Europe, and that the USA isn't a reliable partner anymore.

perlgeek commented on We gave 5 LLMs $100K to trade stocks for 8 months   aitradearena.com/research... · Posted by u/cheeseblubber
Eddy_Viscosity2 · 9 days ago
> a hedge fund can beat the market for 2-4 years but at 10 years and up their chances of beating the market go to very close

In that case the winning strategy would be to switch hedge funds every 3 years.

perlgeek · 9 days ago
The problem is that you don't know in advance which will be doing well when.
perlgeek commented on Reverse engineering a $1B Legal AI tool exposed 100k+ confidential files   alexschapiro.com/security... · Posted by u/bearsyankees
icyfox · 11 days ago
I'm always a bit surprised how long it can take to triage and fix these pretty glaring security vulnerabilities. October 27, 2025 disclosure and November 4, 2025 email confirmation seems like a long time to have their entire client file system exposed. Sure the actual bug ended up being (what I imagine to be) a <1hr fix plus the time for QA testing to make sure it didn't break anything.

Is the issue that people aren't checking their security@ email addresses? People are on holiday? These emails get so much spam it's really hard to separate the noise from the legit signal? I'm genuinely curious.

perlgeek · 10 days ago
Another aspect to consider: when you reduce the amount of permission anything has (like here the returned token), you risk breaking something.

In a complex system it can be very hard to understand what will break, if anything. In a less complex system, it can still be hard to understand if the person who knows the security model very well isn't available.

perlgeek commented on Windows drive letters are not limited to A-Z   ryanliptak.com/blog/windo... · Posted by u/LorenDB
perlgeek · 14 days ago
Now somebody will use this to hide their malware, somehow...
perlgeek commented on OpenAI needs to raise at least $207B by 2030   ft.com/content/23e54a28-6... · Posted by u/akira_067
JumpCrisscross · 18 days ago
> they are all-in on AGI

What are you basing this on? None of their investor-oriented marketing says this.

perlgeek · 18 days ago
https://openai.com/charter/

> OpenAI’s mission is to ensure that artificial general intelligence (AGI)—by which we mean highly autonomous systems that outperform humans at most economically valuable work—benefits all of humanity. We will attempt to directly build safe and beneficial AGI, but will also consider our mission fulfilled if our work aids others to achieve this outcome.

Note that it doesn't say: "Our mission is to maximize shareholder value, and we develop AI systems to do that".

perlgeek commented on Claude Advanced Tool Use   anthropic.com/engineering... · Posted by u/lebovic
dpacmittal · 19 days ago
Why don't they just train their models on a tools directory/marketplace? And use searching only for tools after the training cutoff.
perlgeek · 19 days ago
Because training a model is expensive, takes a lot of time, and new models need to be evaluated.

But you are right: the trend to represent some helpers compactly so that they don't eat up much of your context window, that's all a workaround for a very real limitation: that fully-trained LLMs cannot meaningfully learn from new context and new data.

It's a bit like writing super-compact HOWTOs for all the tasks that employees ought to be able to do, instead of properly training new employees. There's a place for that, but it only gets you so far.

perlgeek commented on Shai-Hulud Returns: Over 300 NPM Packages Infected   helixguard.ai/blog/malici... · Posted by u/mrdosija
Yokohiii · 20 days ago
But relying on the goodwill of commercial sec vendors is its own infrastructure risk.
perlgeek · 20 days ago
You can also pay a commercial sec vendor if you don't want to rely on their goodwill.

u/perlgeek

Karma: 11461 · Cake day: May 27, 2009
About
Perl hacker and Perl 6 core developer. Email: moritz.lenz@gmail.com.