Readit News
schneidmaster commented on Ask HN: Improving health despite working in a screen-based job    · Posted by u/BlackVanilla
watertom · 4 years ago
Dynamic body movement, dancing, running, jumping. Desk jobs force us to be static, the longer we are static the more accustomed our muscles, tendons, ligaments and nervous system become to being static. Stretching doesn’t overcome a lack of movement, movement overcomes a lack of movement.

Lifting heavy weights & body weight exercises, lifting and holding your own weight is very important.

A calorie maintained diet. I personally believe in keto, mostly because it keeps people away from simple carbs which the body treats as sugar, and sugar is a toxic substance, IMHO.

Enough water to maintain hydration, even a little bit of dehydration will rob you of both physical and mental capabilities.

Adequate sleep, varies from person to person, but it’s more than you are currently getting.

Sunshine, if you live in the northern or Southern Hemispheres it means supplementing your diet with Vitamin D & vitamin K, at lunch time, 8,000 IU of D is what most of the scientific community recommends, it’s easy enough to go Google.

Limit screen time outside of work, many geeks have hobbies that have us sit in one place for long periods of time. Mind and body need to be in harmony.

Get air quality monitors for your work environment and for your home. I did this recently and was shocked at what I was subjecting my body to breathe, it was really hard at home to fix the problem, but once I did a lot of things started changing for me mentally.

Don’t smoke anything, or drink alcohol, avoid caffeine, and sugar (simple carbs), avoid all processed foods. Get checked for food sensitivities, many plants produce toxins to keep pests away, and those toxins can be problematic for some humans. Eat animals that are free range naturally foraging for food, avoid grain-fed animals. You are what you eat, and drink.

schneidmaster · 4 years ago
> if you live in the northern or Southern Hemispheres

so... anywhere in the world?

schneidmaster commented on Backpage founders get mistrial because US overplayed child sex trafficking claim   arstechnica.com/tech-poli... · Posted by u/Bender
jtdev · 4 years ago
Failure to grant a change of venue which resulted in intimidation of defense's expert witnesses (and subsequently impacted defense's ability to procure witnesses)... Disparaging the defense in the presence of the jury. Failure to sequester the jury throughout the trial. etc.
schneidmaster · 4 years ago
Change of venue and jury sequestration are controlled by the judge, not the prosecutor, and thus definitionally cannot be prosecutorial misconduct. And it's not misconduct for a prosecutor to disparage the defense in front of the jury unless it's extreme or falls into specific categories. Generally the prosecutor's entire job is to make the jury not believe the defense's story.
schneidmaster commented on All public GitHub code was used in training Copilot   twitter.com/NoraDotCodes/... · Posted by u/fredley
_Understated_ · 4 years ago
I thought I understood fair use but turns out I was wrong...

That being said, creating a transformative work from something else is considered fair use. So, for example, if I read a whole bunch of books and then, heavily influenced by them, create my own, similar book, that would be fair use I suppose... that makes sense.

But, where does the derivative works come in? Where do you draw the line?

If I am heavily influenced by billions of lines of other people's GPL code (ala Copilot!), then I create my own tool from it and keep my code hidden, does that not mean I am abusing the GPL license?

schneidmaster · 4 years ago
That's what I meant by the devil being in the details -- these gray area questions hinge on the specific facts. Lawyers on both sides will argue which factors apply based on past caselaw and available evidence, and the court renders a decision. For example, from the Stanford webpage I previously linked: "the creation of a Harry Potter encyclopedia was determined to be “slightly transformative” (because it made the Harry Potter terms and lexicons available in one volume), but this transformative quality was not enough to justify a fair use defense in light of the extensive verbatim use of text from the Harry Potter books". So you might be okay creating a Harry Potter encyclopedia in general, but not if your definitions are copy/pasted from the books, but you might still be okay quoting key lines from the books if the quotes are a small portion of your encyclopedia. The caselaw just doesn't lend itself to firm lines in the sand.
schneidmaster commented on All public GitHub code was used in training Copilot   twitter.com/NoraDotCodes/... · Posted by u/fredley
_Understated_ · 4 years ago
I don't doubt that an army of lawyers has pored over this but they have size on their side: the cost of litigation vs potential revenue will be a massive factor.

Edit: > There's a decent bit of caselaw indicating that computers reading and using a copyrighted work simply "don't count" in terms of copyright infringement.

That means their computer can read any code it wants, do whatever it wants with the code, then they can monetise that by giving YOU the code. Would they then be indemnified by saying "no Microsoft human read or used this code"?

However, if you then use the code and look at it, does that make you liable?

schneidmaster · 4 years ago
Again, not a lawyer, just a guy who likes reading this stuff. The devil is usually in the details of copyright cases. The Turnitin case hinged substantially on whether Turnitin's use of copyrighted essays was "fair use". There are four factors[0] which determine fair use; the two more relevant factors here are "the purpose and character of your use" and "the effect of the use upon the potential market". The court found that Turnitin's use was highly "transformative" (meaning they didn't just e.g. republish essays; they transformed the copyrighted material into a black-box plagiarism detection service) and also found that Turnitin's use had minimal effect on the market (this is where "computers don't count" comes in -- computers reading copyrighted material don't affect the market much because a computer wasn't ever going to buy an essay).

I would be shocked if GitHub's lawyers didn't argue that using copyrighted material as training data for an AI model is highly transformative. There may be snippets available from the original but they are completely divorced from their original context and virtually unrecognizable unless they happen to be famous like the Quake inverse square root algorithm. And I think GitHub's lawyers would also argue that Copilot's use does not affect the _original_ market -- e.g. it does not hurt Quake's sales if their algorithm is anonymously used in a probably totally unrelated codebase.

Your counterexample would probably fail both tests -- it's not transformative use if your software hands out complete pieces of copyrighted software, and it would definitely affect the market if Copilot gave me the entire source code of Quake for my own game.

[0]: https://fairuse.stanford.edu/overview/fair-use/four-factors

schneidmaster commented on All public GitHub code was used in training Copilot   twitter.com/NoraDotCodes/... · Posted by u/fredley
_Understated_ · 4 years ago
Ok, my curiosity has been fired here...

I have conjured up two scenarios here:

Let's say I use copilot to generate a bunch of code for an app, something substantial, and it regurgitates a load of bits and pieces from many sources it got from GitHub, I'd assume there won't be any attribution in it... it will be as if Copilot made the code itself (I know it sort of does but let's not split hairs!). I'm guessing the prevailing theory (from GitHub anyway) is that I'm legitimately allowed to do this.

Now, let's say I generated all that code by manually copying and pasting chunks of code from a whole bunch of repos, whether they are open source, unlicensed, whatever. Would I not be ripe for legal issues? I could potentially find all the code that copilot generated and just copy and paste it from each of the sources and not mention that in my license. What if I told everyone "yeah, I just copied and pasted this from loads of Github repos and didn't put any attribution in my code". I'd assume that (morality aside) I'd be asking for trouble!

Am I missing something? Am I misunderstanding the situation, or the capabilities of copilot?

schneidmaster · 4 years ago
There's a decent bit of caselaw indicating that computers reading and using a copyrighted work simply "don't count" in terms of copyright infringement -- only humans can infringe copyright. This article[0] does a pretty good job of summarizing the rationale that the courts have provided. My (non-lawyer) take is that GitHub is pushing this just half a step farther -- if computers can consume copyrighted material, and use it to answer questions like "was this essay plagiarized", then in GitHub's view they can also use it to train an AI model (even if it occasionally spits back out snippets of the copyrighted training data). Microsoft has enough lawyers on staff that I'm sure they have analyzed this in depth and believe they at least have a defensible position.

[0]: https://slate.com/technology/2016/08/in-copyright-law-comput...

schneidmaster commented on Npm Audit: broken by design?   overreacted.io/npm-audit-... · Posted by u/wongmjane
eropple · 4 years ago
> The other half is that many people reporting these issues have not "opted into" any security tooling and don't understand its tradeoffs. ... For a lot of people this is their first programming environment.

This attitude makes me kind of uncomfortable. Like, I have taught software development to a decent number of folks, but I've always done so in a relatively isolated environment. If one is buying into web programming, I have a hard time feeling like it matters that it's their first programming environment--it is a hostile place (the web) and some understanding of that hostility is pretty high on the list, I think, of Things To Get Used To. There's definitely a tension there with "don't overwhelm a novice", but I don't necessarily think optimizing for the novice case is wise, especially when we want those novices to have their heads on a swivel, too.

> But as a package author, I'd like to be able to mark somewhere that a particular transitive vulnerabilities can't affect my users.

I definitely agree with this, though, and this is a good way to help make something like `npm audit` more intelligible and useful.

schneidmaster · 4 years ago
> This attitude makes me kind of uncomfortable.

I think the point though is that security warnings need to be actionable and high-signal. Experienced folks are absolutely tuning out the security warnings on npm install, because 95% of the warnings are like the examples in the post -- I know they don't affect me/my use case and there's nothing I can do about them anyway. The effect is only compounded for novices who run "npx create-react-app hello-world" and immediately see something incomprehensible about a vulnerability in react-scripts > webpack > watchpack > watchpack-chokidar2 > chokidar > glob-parent. It either discourages them from programming entirely or it teaches them to ignore security warnings.

I don't disagree with your overall point -- e.g. we should absolutely teach novices "here's what XSS is and how to avoid it" early and often. But if a dependency manager is going to surface a vulnerability alert every time I install dependencies, the alerts should be 1) high severity (to the point where I should actually stop using the package if I am unable to patch/upgrade) or 2) at least immediately actionable. The current npm audit implementation does the opposite -- 95% of the alerts are totally irrelevant to my actual security posture, and the suggested command to upgrade a vulnerable dependency is unreliable and can actually downgrade to an older, even-less-secure version (!).

schneidmaster commented on Sublime Text 4   sublimetext.com/blog/arti... · Posted by u/ascom
steve_adams_86 · 4 years ago
I'm blown away by how snappy this is. It always is, but it's even better now. This is really impressive work.

I don't think I'm the target audience here. I just spent 30m trying to tune this for a TypeScript project, and I can't seem to easily get eslint, prettier, and a few other tools working. I added the TypeScript language server package, but it doesn't offer any of the effortless reference navigation and refactoring I'm used to.

Having said that, am I just missing something? Can Sublime be that kind of editor?

I think I'd love to give it a shot, but without these conveniences I'm feeling like I should stick with VS Code.

schneidmaster · 4 years ago
I've used the following list of packages for eslint, prettier, and TypeScript. It's not as effortless as it should be, but the two LSP packages in particular do give reference navigation that's pretty equivalent to VS Code.

- https://packagecontrol.io/packages/SublimeLinter

- https://packagecontrol.io/packages/SublimeLinter-eslint

- https://packagecontrol.io/packages/JsPrettier

- https://packagecontrol.io/packages/LSP

- https://packagecontrol.io/packages/LSP-typescript

If you're on macOS, I also recommend creating a file at ~/Library/Application Support/Sublime Text 3/Packages/User/Default (OSX).sublime-mousemap with the following contents -- this adds a cmd+click "go to definition" shortcut that's also equivalent to what VS Code provides. (I guess the path should be "Sublime Text 4" now? but after upgrading, the config at the "Sublime Text 3" path still works for me.)

    [
      {
        "button": "button1",
        "count": 1,
        "modifiers": ["super"],
        "press_command": "drag_select",
        "command": "lsp_symbol_definition"
      }
    ]

I've tried to switch to VS Code a few times -- language features (especially TypeScript) tend to work better out-of-the-box but it still isn't close in terms of performance. If you want IDE-like features to "just work" then VS Code is definitely the best choice, but the persistent (albeit slight) input lag drives me up the wall.

schneidmaster commented on Modern Javascript: Everything you missed over the last 10 years (2020)   turriate.com/articles/mod... · Posted by u/EntICOnc
yawaworht1978 · 4 years ago
If someone can explain to me one thing I still do not grasp about React, even though I have done some small websites and apps in React. I understand the virtual DOM concept and only refreshing the necessary DOM components. But how is that much different than an AJAX update? I understand AJAX causes a request or more, but it only refreshes part of the DOM, right? Or does it cause a full reflow/paint?
schneidmaster · 4 years ago
AJAX (Asynchronous Javascript and XML) is purely orthogonal to DOM updates. An AJAX request is just a network request initiated asynchronously via some Javascript on the page, as opposed to a request initiated synchronously when a user clicks a link or submits a form. Response data from an AJAX request could be used to make a direct DOM mutation, update React state, log to the console, or anything else the developer wants.
schneidmaster commented on FB JavaScript SDK down   developers.facebook.com/s... · Posted by u/littleworld
frob · 4 years ago
By my count from the status page[0], the FB JS SDK has had issues for 30 of the past 90 days. That's not even one 9.

[0] https://developers.facebook.com/status/dashboard/

schneidmaster · 4 years ago
Most of the issues on that dashboard don't seem related to the JS SDK, e.g. "Increased latency on marketing insights API" and "Instagram comments webhooks event delivery traffic drop". It's a blended view of every(?) Facebook developer product but you'd usually calculate 9's for each individual product.
schneidmaster commented on New Mexico is the second state to ban qualified immunity   innocenceproject.org/new-... · Posted by u/williamsharris
austincheney · 4 years ago
Those are both irrelevant to the issue at hand: wrongful arrest. Wrongful arrest occurs when either the incorrect person is detained or when a person is detained without merit.

In order for police to detain people they need to place them under arrest, which includes Miranda warnings, or have a signed warrant.

schneidmaster · 4 years ago
Police absolutely do not have to read your Miranda rights in order to arrest you -- they only need to read your rights if they plan to question you with regards to a criminal investigation and they would like to use your statements as evidence in a court of law.

u/schneidmaster

Karma: 1417 · Cake day: November 1, 2013

About:
Engineering at Stripe, formerly at Aha!

[ my public key: https://keybase.io/schneidmaster; my proof: https://keybase.io/schneidmaster/sigs/42F6vHEpWZf-fXGXQSJaCk4h9Lx8DDTyBKkGpaFLIpM ]
