tomjen3 (u/tomjen3) - Readit News

tomjen3 commented on Advent of Code 2025 adventofcode.com/2025/abo... · Posted by u/vismit2000

fainpul · 14 days ago

Opinion poll:

Python is extremely suitable for these kind of problems. C++ is also often used, especially by competitive programmers.

Which "non-mainstream" or even obscure languages are also well suited for AoC? Please list your weapon of choice and a short statement why it's well suited (not why you like it, why it's good for AoC).

tomjen3 · 13 days ago

With AoC I think that its fine to pick a language that is not at all suited for the challenge. That can be half the fun.

I saw someone one Twitter use Excel.

tomjen3 commented on Addiction Markets thebignewsletter.com/p/ad... · Posted by u/toomuchtodo

shipman05 · a month ago

It feels like banning advertising for gambling would be a sweet spot between harm reduction and maintaining individual liberty.

Sports gambling ads have ruined sports media. State lottery ads are even worse. The government should not spend money to encourage its own citizens to partake in harmful activities.

tomjen3 · a month ago

May I suggest just requiring people to register what how much they want to gamble and then be locked into that. If you want to gamble for 100 usd per month, then you can't bet more than that. You should be able to set your own amount, but any changes should only be active from the next month.

This has minimum impact on personal liberty, and will almost eliminate problem gambling.

tomjen3 commented on Microsoft is plugging more holes that let you use Windows 11 without MS account theverge.com/news/793579/... · Posted by u/josephcsible

tomjen3 · 2 months ago

No Windows 11 anyway, since it can't run on my massive workstation class laptop...

At least I have since migrated to Mac, so I guess it can just stay win10 forever.

tomjen3 commented on Typst: A Possible LaTeX Replacement lwn.net/Articles/1037577/... · Posted by u/pykello

thiagowfx · 3 months ago

> If there isn't a package for something that I need (and, surprisingly often, there are packages for what I need, and excellent ones!), I find that I can just do it myself. Quickly.

(Serious question) With or without an LLM?

tomjen3 · 3 months ago

(not op)

I have had no luck with LLMs writing typst code. Normally its a better code writer than me, but the LLM (gpt4-o maybe?) hallucinated most of the document.

tomjen3 commented on A Postmark backdoor that’s downloading emails koi.security/blog/postmar... · Posted by u/ghuntley

zahlman · 3 months ago

> Are people really this oblivious

Last I checked, basic SQL injection attacks were still causing massive economic damage every year and are at or near the top of the OWASP list. SQL injection is essentially the result of unintentionally giving god-mode permission to a database by failing to understand how queries are built and processed. The... agency available to AI agents might not be all that obvious either.

tomjen3 · 3 months ago

I am going to disagree with that. SQL injection attacks are an example of the age old issue of mixing up input and instructions. Smash the stack is older than many software devs, but it was essentially the same problem - its an inherit issue with Von Neumann architecture.

This is also not an AI issue, or even an MCP issue. If the same issue had been in a client library for the Postmark API, it would likely have had a bigger impact.

What we need is to make it much more likely to get caught and go to prison for stuff like this. That will change things.

tomjen3 commented on Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised socket.dev/blog/ongoing-s... · Posted by u/jamesberthoty

tarruda · 3 months ago

AFAICT, the only thing this attack relies on, is the lack of scrutiny by developers when adding new dependencies.

Unless this lack of scrutiny is exclusive to JavaScript ecosystem, then this attack could just as well have happened in Rust or Golang.

tomjen3 · 3 months ago

That, and the ability to push an update without human interaction.

tomjen3 commented on Take something you don’t like and try to like it dynomight.net/liking/... · Posted by u/surprisetalk

palata · 3 months ago

Many things need to be understood to be appreciated.

For instance music: we tend to like what we know, and what we know is what we hear on the radio/everywhere we go. When people tell me they don't like jazz, I always find a jazz song they like. If they say they don't like rap music, I can always find one they like. Why? Maybe because it's closer to what they already understand (making it more accessible), or maybe it has been very popular and so they've already heard it countless times (in night clubs, on the radio, ...). Most people who dislike a whole music genre generally don't really understand it and haven't put any effort into it.

You don't like churches? Go to Notre-Dame in Paris, and have someone explain to you its architecture. How they built it, how you can date the parts of the church just from its architecture.

Don't get me wrong: it's possible to dislike stuff, and it's alright. But it's worth trying to understand before disliking.

tomjen3 · 3 months ago

I would have said no on Rap before Hamilton. I would like to know your goto for Jazz.

tomjen3 commented on AI models need a virtual machine blog.sigplan.org/2025/08/... · Posted by u/azhenley

ayende · 3 months ago

That is the wrong abstraction to think at. The problem is not _which_ tools you give the LLM, the problem is what action it can do.

For example, in the book-a-ticket scenario - I want it to be able to check a few websites to compare prices, and I want it to be able to pay for me.

I don't want it to decide to send me to a 37 hour trip with three stops because it is 3$ cheaper.

Alternatively, I want to be able to lookup my benefits status, but the LLM should physically not be able to provide me any details about the benefits status of my coworkers.

That is the _same_ tool cool, but in a different scope.

For that matter, if I'm in HR - I _should_ be able to look at the benefits status of employees that I am responsible for, of course, but that creates an audit log, etc.

In other words, it isn't the action that matters, but what is the intent.

LLM should be placed in the same box as the user it is acting on-behalf-of.

tomjen3 · 3 months ago

I don't think your benefit example is too much a problem in practice, we already have the access setup for that (ie its the same one for you).

For the other example, I think a nice compromise is to have the AI be able to do things only with your express permission. In your example it finds flights that it thinks are appropriate, sends you a notification with the list and you can then press a simple yes/no/more information button. It would still save you a ton of money, but it would be substantially less likely to do something dangerous/damaging.

tomjen3 commented on Agent Client Protocol (ACP) agentclientprotocol.com/o... · Posted by u/vinhnx

Disposal8433 · 3 months ago

You can't disagree with facts. Every time I try to give a chance to all those LLMs, they always use old APIs, APIs that don't exist, or mix things up. I'll still try that once a month to see how it evolves, but I have never been amazed by the capabilities of those things.

> with popular languages

Don't know, don't care. I write C++ code and that's all I need. JS and React can die a painful death for all I care as they have injected the worst practices across all the CS field. As for Python, I don't need help with that thanks to uv, but that's another story.

tomjen3 · 3 months ago

Add "Look up version 4 of the library, make sure to use that version".

My Python work has to be told we are using uv, and sometimes that I am on a mac. This is not that different to what you would have to tell another programmer, not familiar with you tools.

tomjen3 commented on Agent Client Protocol (ACP) agentclientprotocol.com/o... · Posted by u/vinhnx

Disposal8433 · 3 months ago

> Nowadays, it is better to write prompts

Very big doubt. AI can help for a few very specific tasks, but the hallucinations still happen, and making things up (especially APIs) is unacceptable.

tomjen3 · 3 months ago

Its surprisingly fine, as long as you allow the AI to iterate on its work. It will discover that it doesn't compile, and then maybe lookup the API and then it will most often fix it and move on.

AI is no more capable of reliably one shotting solutions that you are.