That's definitely compelling, but not something we have in mind for the immediate future. Let me know if you end up building something here!
I'm currently working on it :)
See you in two weeks I hope
Readit Newstemuze commented on Snowflake Arctic Instruct (128x3B MoE), largest open source model replicate.com/snowflake/s... · Posted by u/cuuupid
Wow, 128 experts in a single model. That's a lot more than everyone else. The Snowflake team has a blog post explaining why they did that:
https://www.snowflake.com/blog/arctic-open-efficient-foundat...
But the most interesting aspect about this, for me, is that every tech company seems to be coming out with a free open model claiming to be better than the others at this thing or that thing. The number of choices is overwhelming. As of right now, Huggingface is hosting over 600,000 different pretrained open models.
Lots of money has been forever burned training or finetuning all those open models. Even more money has been forever burned training or finetuning all the models that have not been publicly released. It's like a giant bonfire, with Nvidia supplying most of the (very expensive) chopped wood.
Who's going to recoup all that investment? When? How? What's the rationale for releasing all these models to the public? Do all these tech companies know something we don't? Why are they doing this?
---
EDIT: Changed "0.6 million" to "600,000," which seems clearer. Added "or finetuning".
In the short-term, these kinds of investments can hype up a stock and create a small bump.
However, in the long-term, as the hype dies down, so will the stock prices.
At the end of the day, I think it will be a transfer of wealth from shareholders to Nvidia and power companies.
temuze commented on Maybe getting rid of your QA team was bad davidkcaudill.medium.com/... · Posted by u/nlavezzo
I strongly disagree.
I worked at a company with a world-class QA team. They were amazing and I can't say enough nice things about them. They were comprehensive and professional and amazing human beings. They had great attention to detail and they catalogued a huge spreadsheet of manual things to test. Engineers loved working with them.
However -- the end result was that engineers got lazy. They were throwing code over to QA while barely testing code themselves. They were entirely reliant on manual QA, so every release bounced back and forth several times before release. Sometimes, we had feature branches being tested for months, creating HUGE merge conflicts.
Of course, management noticed this was inefficient, so they formed another team dedicated to automated QA. But their coverage was always tiny, and they didn't have resources to cover every release, so everyone wanted to continue using manual QA for CYA purposes.
When I started my own company, I hired some of my old engineering coworkers. I decided to not hire QA at all, which was controversial because we _loved_ our old QA team. However, the end result was that we were much faster.
1. It forced us to invest heavily on automation (parallelizing the bejesus out of everything, so it runs in <15min), making us much faster
2. Engineers had a _lot_ of motivation to test things well themselves because there was no CYA culture. They couldn't throw things over a wall and wash their hands of any accountability.
We also didn't have a lack of end-to-end tests, as the author alludes to. Almost all of our tests were functional / integration tests, that run on top of a docker-compose set up that simulated production pretty well. After all, are unit tests where you mock every data source helpful at all? We invested a lot of time in making realistic fixtures.
Sure, we released some small bugs. But we never had huge, show stopping bugs because engineers acted as owners, carefully testing the worst-case scenarios themselves.
The only downside was that we were slower to catch subtle, not-caught-by-Sentry bugs, so things like UX transition weirdness. But that was mostly okay.
Now, there is still a use case for manual QA -- it's a question of risk tolerance. However, most applications don't fit that category.
temuze commented on What’s in a PR statement: LastPass breach explained palant.info/2022/12/26/wh... · Posted by u/saikatsg
Can someone point out a big flaw in my password management system? I have always felt kinda dumb for not using a PW manager but my system has worked for the last ~10+ years and I have never had any issues.
I memorized a small function that takes the product name as input and spits out a password. it achieves the goal of having a unique pw for every service without having to write anything down (in software or on paper). I had to amend it to account for some services that require you to reset your password to a new one and for sites with annoyingly specific password formats (i.e. 3 special chars).
I used to do a similar thing, then I realized it was a potential problem.
Let's say you have an account at AcmeCo. Let's say AcmeCo has a breach and I can see your password hash. Let's say the company uses a weak password hash (e.g. MD5), or no salt and it's easy to reference a rainbow table.
From this rainbow table, I can look up your hash and see that your password is "lulzSecret2$AcmeCo".
Now let's say you're in another leak from BetaCo. Similar situation -- I see that your password is "lulzSecret2$BetaCo2". Maybe the two is because you were forced to rotate your password once.
It doesn't take a genius to guess what your algorithm is.
But we can take it another level. Maybe I'll try all the major banks and guess passwords using your algorithm ("lulzSecret2$bofa", "lulzSecret2$chase"). Most banks require 2fa, but most of the time they keep it to text-based 2fa.
If I know your phone number from one of the breaches (happens all the time), maybe I can hijack your SIM card (this also happens all the time) and boom, I'm into your bank account.
temuze commented on Blitz.js – Fullstack Toolkit for Next.js blitzjs.com/... · Posted by u/davidbarker
Reading the docs, I'm a fan of your authentication / session management. When anyone pushes JWTs on me, I get sad. Session revoking is a necessary part of any authentication system and making a Redis call doesn't take that long.
However, the downside of custom session managers is that other services might not be able to read/write the created session. For example, I'm currently to get off of Express and onto Fastify. Unfortunately, @fastify/session isn't perfectly compatible with express-session (although I'm working on it). I would have a similar issue if I introduced Next.js + Blitz... Sometimes, I wish there was a shared protocol for sessions between languages/libraries!
As an aside, this is the first time I've heard about Flightcontrol. Super impressed! The biggest con of something like Vercel is that you can't be on your own AWS VPC. An RDS instance with a public IP address (which Vercel's docs endorse) is a dealbreaker for me.
But... wouldn't a Terraform module accomplish something similar? Our own stack is something like Codepipeline + Fargate + ALB + Cloudwatch + Cloudfront and we basically just forked https://github.com/cloudposse/terraform-aws-ecs-web-app
temuze commented on Blitz.js – Fullstack Toolkit for Next.js blitzjs.com/... · Posted by u/davidbarker
Reading the docs, I'm a fan of your authentication / session management. When anyone pushes JWTs on me, I get sad. Session revoking is a necessary part of any authentication system and making a Redis call doesn't take that long.
However, the downside of custom session managers is that other services might not be able to read/write the created session. For example, I'm currently to get off of Express and onto Fastify. Unfortunately, @fastify/session isn't perfectly compatible with express-session (although I'm working on it). I would have a similar issue if I introduced Next.js + Blitz... Sometimes, I wish there was a shared protocol for sessions between languages/libraries!
This is a bold play, given their security track record.
Open S3 Buckets as a service
Sorry, it's been a while, I forget :(
We had to balance between making the files too big (which would be slow) and making them too small (too many lambdas to start)
I _think_ they were around ~10 GB each, but I might be off by an order of magnitude.
Oops I was totally wrong: https://twitter.com/rclmenezes/status/1529278214346051584?s=...
curious: how large was each compressed s3 sqlite db?
Sorry, it's been a while, I forget :(
We had to balance between making the files too big (which would be slow) and making them too small (too many lambdas to start)
I _think_ they were around ~10 GB each, but I might be off by an order of magnitude.
No polecats smh