Readit News
smallpipe commented on Don't trust AI agents   nanoclaw.dev/blog/nanocla... · Posted by u/gronky_
smallpipe · 17 days ago
Docker is not a security boundary. You’re one prompt injection away from handing over your gmail cookie.
smallpipe commented on I don't know how you get here from “predict the next word”   grumpy-economist.com/p/re... · Posted by u/qsi
jjmarr · 19 days ago
I created a code review pipeline at work with a similar tradeoff and we found the cost is worth it. Time is a non-issue.

We could run Claude on our code and call it a day, but we have hundreds of style, safety, etc. rules on a very large C++ codebase with intricate behaviour (cooperative multitasking be fun).

So we run dozens of parallel CLI agents that can review the code in excruciating detail. This has completely replaced human code review for anything that isn't functional correctness but is near the same order of magnitude of price. Much better than humans and beats every commercial tool.

"scaling time" on the other hand is useless. You can just divide the problem with subagents until it's time within a few minutes because that also increases quality due to less context/more focus.

smallpipe · 19 days ago
> This has completely replaced human code review for anything that isn't functional correctness

Isn’t functional correctness pretty much the only thing that matters though?

smallpipe commented on GPTZero finds 100 new hallucinations in NeurIPS 2025 accepted papers   gptzero.me/news/neurips/... · Posted by u/segmenta
smallpipe · 2 months ago
Could you run a similar analysis for pre-2020 papers? It'd be interesting to know how prevalent making up sources was before LLMs.
smallpipe commented on cURL removes bug bounties   etn.se/index.php/nyheter/... · Posted by u/jnord
rob74 · 2 months ago
> “Not much. The real incentive for finding a vulnerability in cURL is the fame ('brand is priceless'), not the hundred or few thousand dollars. $10,000 (maximum cURL bounty) is not a lot of money in the grand scheme of things, for somebody capable of finding a critical vulnerability in curl.”

That's the choice as seen from the perspective of a white-hat hacker. But for an exploitable vulnerability, the real choice is to sell it to malware producers (I'm including state-sponsored spyware companies like the makers of Pegasus in this category) for a lot of money, or do the more moral thing and earn at least a little bit of money via a bug bounty program.

smallpipe · 2 months ago
Hopefully the malware authors have the same issue of filtering through garbage AI submissions.
smallpipe commented on The highest quality codebase   gricha.dev/blog/the-highe... · Posted by u/Gricha
smallpipe · 3 months ago
The viewport of this website is quite infuriating. I have to scroll horizontally to see the `cloc` output, but there's 3x the empty space on either side.
smallpipe commented on Criticisms of “The Body Keeps the Score”   josepheverettwil.substack... · Posted by u/adityaathalye
kepeko · 5 months ago
What if something works even if the arguments are unscientific? Example: How to get an apple from high up in the tree where I can't reach? My theory is that if I knock them with a baseball bat they fall because they are afraid of baseball bats and don't want to be hit. I have tested it and it works. A physics teacher I know disagrees, and a biologist disagrees.

What if psychology has such things that just work even if the theory is wrong? The trauma healing layman psychology industry might have a method that works for some people, so that they get into a better mental state.

smallpipe · 5 months ago
Science has no problem admitting something works without knowing why. Making stuff up to sell a book is preying on vulnerable people.
smallpipe commented on PlayStation 3 Architecture (2021)   copetti.org/writings/cons... · Posted by u/adamwk
jokoon · 5 months ago
I wonder if that architecture was designed to prevent emulation.

Because emulators still work insanely hard to make those games work, even today.

smallpipe · 5 months ago
Doubt it. Avoiding jailbreak, sure, to keep selling games, but no one cares about emulators.
smallpipe commented on You did no fact checking, and I must scream   shkspr.mobi/blog/2025/10/... · Posted by u/blenderob
smallpipe · 5 months ago
The average journalist has to churn enough stories that they don't have time to be looking up anything.

There must be a corollary somewhere about how much you should read the average newspaper.

smallpipe commented on Who needs Git when you have 1M context windows?   alexmolas.com/2025/07/28/... · Posted by u/alexmolas
smallpipe · 5 months ago
That’s a lot of words for “I suck at my job”

u/smallpipe

Karma: 600 · Cake day: July 11, 2020
About
CPU engineer