Readit News
smpretzer commented on Microsoft suspended the email account of an ICC prosecutor at The Hague   nytimes.com/2025/06/20/te... · Posted by u/blinding-streak
shswkna · 2 months ago
Get angry at Europe, not Microsoft and USA.

Europeans live in a fairy land dream and need to wake up.

smpretzer · 2 months ago
What should we be getting angry at Europe for in this context?
smpretzer commented on Andrej Karpathy: Software in the era of AI [video]   youtube.com/watch?v=LCEmi... · Posted by u/sandslash
mkw5053 · 2 months ago
This DevOps friction is exactly why I'm building an open-source "Firebase for LLMs." The moment you want to add AI to an app, you're forced to build a backend just to securely proxy API calls—you can't expose LLM API keys client-side. So developers who could previously build entire apps backend-free suddenly need servers, key management, rate limiting, logging, deployment... all just to make a single OpenAI call. Anyone else hit this wall? The gap between "AI-first" and "backend-free" development feels very solvable.
smpretzer · 2 months ago
I think this lines up with Apple’s thesis of on-device models being a useful feature for developers who don’t want to deal with calling out the OpenAI

https://developer.apple.com/documentation/foundationmodels

smpretzer commented on S5cmd: Parallel S3 and local filesystem execution tool   github.com/peak/s5cmd... · Posted by u/polyrand
smpretzer · 3 months ago
I have used s5cmd in a professional setting and it works wonderfully. I have never attempted to test performance to confirm their claims, but as an out of the box client, it is (anecdotally) significantly faster than anything else I have tried.

My only headache was that I was invoking it from Python, and it does not have bindings, so I had to write a custom wrapper to call out to it. I am not sure of the difficulty of adding native support for Python, but I assume it's not worth the squeeze and just calling out to a subprocess will work for most users' needs.

smpretzer commented on The Pain That Is GitHub Actions   feldera.com/blog/the-pain... · Posted by u/qianli_cs
hn_throwaway_99 · 5 months ago
> A few days ago, someone compromised a popular GitHub Action. The response? "Just pin your dependencies to a hash." Except as comments also pointed out, almost no one does.

I used GitHub Actions when building a fin services app, so I absolutely used the hash to specify Action dependencies.

I agree that this should be the default, or even the required, way to pull in Action dependencies, but saying "almost no one does" is a pretty lame excuse when talking about your own risk. What other people do has no bearing on your options here.

Pin to hashes when pulling in Actions - it's much, much safer

smpretzer · 5 months ago
I have been using renovate, which automatically pins, and updates, hashes. So I can stay lazy, and only review the new hash when a renovate PR gets opened: https://docs.renovatebot.com/modules/manager/github-actions/...
smpretzer commented on "We're building a new static type checker for Python"   twitter.com/charliermarsh... · Posted by u/shlomo_z
jasonpeacock · 7 months ago
It's hard to find details...apparently it's code named "red knot" (or "red_knot").

Here's the github issues filter linked in the screenshot:

https://github.com/astral-sh/ruff/labels/red-knot

And the best answer/description of what the type checker will be:

https://github.com/astral-sh/ruff/discussions/15149

smpretzer · 7 months ago
smpretzer commented on A story on home server security   raniseth.com/blog/2025-01... · Posted by u/todsacerdoti
AlgebraFox · 8 months ago
Tailscale is a great solution for this problem. I too run a homeserver with Nextcloud and other stuff, but protected behind Tailscale (Wireguard) VPN. I can't even imagine exposing something like my family's personal data over the internet, no matter how convenient it is.

But I sympathize with OP. He is not a developer and it is sad that whatever software engineers produce is vulnerable to script kiddies. Exposing a database or any server with a good password should not be exploitable in any way. C and C++ have been failing us for decades yet we continue to use such unsafe stacks.

smpretzer · 8 months ago
I just switched to Tailscale for my home server just before the holidays and it has been absolutely amazing. As someone who knows very little about networking, it was pretty painless to set up. Can’t really speak to the security of the whole system, but I tried my best to follow best practices according to their docs.

u/smpretzer

Karma: 20 · Cake day: September 6, 2023