Readit News
utbabya commented on Performance hacks for faster Python code   blog.jetbrains.com/pychar... · Posted by u/ashvardanian
utbabya · a month ago
Most of the time I find the pros of not mutating variables outweigh any potential memory / performance gain. Of course it depends on what you're doing, but I find it rare other than perhaps scientific related code.
utbabya commented on Nobel Prize in Physiology or Medicine 2025   nobelprize.org/prizes/med... · Posted by u/lode
utbabya · 2 months ago
Am I the only one who sees the title immune system suppression and thinks weapon?
utbabya commented on Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised   socket.dev/blog/ongoing-s... · Posted by u/jamesberthoty
killerstorm · 3 months ago
"Outbound network connection at npm install" is just one of many ways malware in an NPM package can manifest itself.

E.g. malware might be executed when you test code which uses the library, or when you run a dev server, or on a deployed web site.

The entire stack is built around trusting code, letting it do whatever it wants. That's the problem.

utbabya · 3 months ago
Trust is hard, it all comes down to trust no matter what you do. The more general idea is sandboxed build, it doesn't eliminate all problems but one class.
utbabya commented on Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised   socket.dev/blog/ongoing-s... · Posted by u/jamesberthoty
utbabya · 3 months ago
Blog author company's runner detects anomalies in them, but we shouldn't need a product for this.

Detecting outbound network connection during an npm install is quite cheap to implement in 2025. I think it comes down to tenant and incentives, if security is placed as first priority as it should, for any computing service and in particular for supply chain like package management, this would be built in.

One thing that comes to mind that would make it a months-long debate is the potential breakage of many packages. In that case as a first step just make an eye catching summary post install, with gradual push to total restriction with something like a strict mode, we've done this before.

Which reminds me of another long standing issue with node ecosystem toolings, information overload. It's easy to bombard devs with thesis character count then blame them for eventually getting fatigued and not reading the output. It takes effort to summarize what's most important with layered expansion of detail level, show some.

utbabya commented on Framework Laptop 16   frame.work/ro/en/laptop16... · Posted by u/susanthenerd
utbabya · 4 months ago
Given the 2.1kg after detaching the graphic module and the seemingly large battery capacity for on the go sessions, it's so close to a laptop that fits all my use cases.

Although from what I've read 8GB of VRAM seems insufficiently near-future proof, so I've always been eyeing 5070ti+ laptops. I wonder if there's any technical blocker that prevents offering 5070ti or the AMD equivalent.

utbabya commented on StarDict sends X11 clipboard to remote servers   lwn.net/SubscriberLink/10... · Posted by u/pabs3
utbabya · 4 months ago
Whatever is making plain HTTP requests in 2025 should be a cause of concern. Wouldn't it be nice to have a low resource daemon watching for common pitfalls alerting users so we eliminate or minimise classes of problems like this?

I think lots of Windows antivirus come with features like this? Perhaps with vast crystalized knowledge nowadays we can afford to create an OSS system-level package that offers some level of protection.

I might actually do it, any downside?

utbabya commented on I gave the AI arms and legs then it rejected me   grell.dev/blog/ai_rejecti... · Posted by u/serhack_
pentamassiv · 4 months ago
Hey, I'm the author of the blog post. Thank you for submitting this. If you have any questions feel free to ask and please let me know how the writing was. It's one of my first posts so I'd like to improve.
utbabya · 4 months ago
If they use any form of filtering / evaluation along the line of STAR, the positive way you chose to deal with it plus the outcome of it being a top post on HN should score you half the position already, good luck :)
utbabya commented on Perplexity is using stealth, undeclared crawlers to evade no-crawl directives   blog.cloudflare.com/perpl... · Posted by u/rrampage
Aeolun · 4 months ago
> What prevents these companies from keeping a copy of that particular page, which I specifically disallowed for bot scraping, and feed it to their next training cycle?

What prevents anyone else? robots.txt is a request, not an access policy.

utbabya · 4 months ago
This honor system mostly worked at scale because interests align, which seems to be no longer the case.

Does information no longer want to be free now? Maybe internet, just like social media, was just a social experiment at the end, albeit a successful one. Thanks GenAI.

utbabya commented on Visa and Mastercard are getting overwhelmed by gamer fury over censorship   polygon.com/news/616835/v... · Posted by u/mrzool
utbabya · 5 months ago
Interesting, DDoS in real life. Or rather slashdotting, since those are legitimate queries.

If I were Visa/Mastercard leadership I think at least part of me would be happy to see this blow up, long term wise. Hey it's not me pushing back now, it's prigs versus the people, with a much higher chance of legislation change coming out of it. Which IMO is just in this case, common carrier status as it should have, open to judicial requested blockages based on laws that are drafted by folks elected by the population.

We've a buncha RFCs specifying the architecture with three branches to deal with these problems in the most agreeable way to most people, as good as we could come up with as a species. Rather than drafting new RFCs without understanding the why those three branches needed to exist, how about patching them. Complete rewrite works too but that should incorporate all the crystalized knowledge in the legacy version, which we all know is hard.

utbabya commented on Evolving OpenAI's Structure   openai.com/index/evolving... · Posted by u/rohitpaulk
CorpOverreach · 7 months ago
I'd really love to talk to someone that both really believes this to be true, and has a hands-on experience with building and using generative AI.

The intersection of the two seems to be quite hard to find.

At the state that we're in the AIs we're building are just really useful input/output devices that respond to a stimuli (e.g., a "prompt"). No stimuli, no output.

This isn't a nuclear weapon. We're not going to accidentally create Skynet. The only thing it's going to go nuclear on is the market for jobs that are going to get automated in an economy that may not be ready for it.

If anything, the "danger" here is that AGI is going to be a printing press. A cotton gin. A horseless carriage -- all at the same time and then some, into a world that may not be ready for it economically.

Progress of technology should not be arbitrarily held back to protect automatable jobs though. We need to adapt.

utbabya · 7 months ago
> At the state that we're in the AIs we're building are just really useful input/output devices that respond to a stimuli (e.g., a "prompt"). No stimuli, no output.

It was true before we allowed them to access external systems, disregarding certain rule which I forgot the origin.

The more general problem is a mix between the tragedy of the commons; we have better understanding every passing day yet still don't understand exactly why LLMs perform that well emergently instead of engineered that way; and future progress.

Do you think you can find a way around access boundaries to masquerade your Create/Update requests as Read in the log system monitoring it, when you have super intelligence?

u/utbabya

Karma: 67 · Cake day: April 10, 2015
About
Ex-FAANG SDE open to fully remote contracts / jobs. codyit at the once forever beta service.