Readit News logoReadit News
vendiddy commented on Claude Advanced Tool Use   anthropic.com/engineering... · Posted by u/lebovic
jmward01 · a month ago
The Programmatic Tool Calling has been an obvious next step for a while. It is clear we are heading towards code as a language for LLMs so defining that language is very important. But I'm not convinced of tool search. Good context engineering leaves the tools you will need so adding a search if you are going to use all of them is just more overhead. What is needed is a more compact tool definition language like, I don't know, every programming language ever in how they define functions. We also need objects (which hopefully Programatic Tool Calling solves or the next version will solve). In the end I want to drop objects into context with exposed methods and it knows the type and what is callable on they type.
vendiddy · a month ago
Giving the AI an actual programming language (functions + objects) genuinely does seem like a good alternative to the MCP mess we have right now.
vendiddy commented on Claude Advanced Tool Use   anthropic.com/engineering... · Posted by u/lebovic
cerved · a month ago
Claude is pretty good at forgetting to run maven with -am flag, writing bash with heredocs that it's interpreter doesn't weird out on, using the != operator in jq. Maybe Claude has early onset dementia.
vendiddy · a month ago
Demented AIs running amock is just what we need in this day and age.
vendiddy commented on Why is Zig so cool?   nilostolte.github.io/tech... · Posted by u/vitalnodo
Raphael_Amiard · a month ago
I love systems programming language and have worked on the Ada language for a long time. I find Zig to be incredibly underwhelming. Absolutely nothing about it is new or novel, the closest being comptime which is not actually new.

Also highly subjective but the syntax hurts my eyes.

So I’m kind of interested by an answer to the question this articles fails to answer. Why do you guys find Zig so cool ?

vendiddy · a month ago
We've recently adopted Zig at a few systems at our company but I think maybe "cool" or "new" is the wrong metric?

I view Zig as a better C, though that might be subjective.

vendiddy commented on Kaitai Struct: declarative binary format parsing language   kaitai.io/... · Posted by u/djoldman
vitalnodo · 2 months ago
Can you share the link? I wonder also whether it uses comptine features.
vendiddy · 2 months ago
It is not yet ready but the master branch has an initial draft.

https://github.com/kaitai-io/kaitai_struct_compiler/commits/...

It would be premature to review now because there are some missing features and stuff that has to be cleaned up.

But I am interested in finding someone experienced in Zig to help the maintainer with a sanity check to make best practices are being followed. (Would be willing to pay for their time.)

If comptime is used, it would be minimal. This is because code-generation is being done anyway so that can be an explicit alternative to comptime. But we have considered using it in a few places to simplify the code-generation.

vendiddy commented on Environment variables are a legacy mess: Let's dive deep into them   allvpv.org/haotic-journey... · Posted by u/signa11
jkrejcha · 2 months ago
Until when? Secrets in applications in many cases (I would probably wager majority of the cases) are only useful if they're in plaintext at some point, for example if you're constructing a HTTP client or authenticating to some other remote system.

As far as high-level language constructs go, there were similarish things like SecureString (in .NET) or GuardedString (in Java), although as best as I can tell they're relatively unused mostly because the ergonomics around them make them pretty annoying to use.

vendiddy · 2 months ago
Just seeing this now.

The thinking was to minimize the the places where a secret could leak. So with an HTTP client, I would think at the lowest layer possible.

I don't think of it as a way to eliminate secrets leaking. More-so reducing the surface area of accidental leaks.

vendiddy commented on Kaitai Struct: declarative binary format parsing language   kaitai.io/... · Posted by u/djoldman
ginko · 2 months ago
No pure C backend?
vendiddy · 2 months ago
It's not C but we have sponsored a Zig target for Kaitai. If anyone reading this knows Zig well, please comment because would love to get a code review of the generated code!
vendiddy commented on Environment variables are a legacy mess: Let's dive deep into them   allvpv.org/haotic-journey... · Posted by u/signa11
rsyring · 2 months ago
Environment variables are often used to pass secrets around. But, despite its ubiquity, I believe that's a bad practice:

- On Linux systems, any user process can inspect any other process of that same user for it's environment variables. We can argue about threat model but, especially for a developer's system, there are A LOT of processes running as the same user as the developer.

- IMO, this has become an even more pronounced problem with the popularity of running non-containerized LLM agents in the same user space as the developer's primary OS user. It's a secret exfiltration exploiter's dream.

- Environment variables are usually passed down to other spawned processes instead of being contained to the primary process which is often the only one that needs it.

- Systemd exposes unit environment variables to all system clients through DBUS and warns against using environment variables for secrets[1]. I believe this means non-root users have access to environment variables set for root-only units/services. I could be wrong, I haven't tested it yet. But if this is the case, I bet that's a HUGE surprise to many system admins.

I think ephemeral file sharing between a secret managing process (e.g. 1Password's op cli tool) and the process that needs the secrets (flask, terraform, etc.) is likely the only solution that keeps secrets out of files and also out of environment variables. This is how Systemd's credentials system works. But it's far from widely supported.

Any good solutions for passing secrets around that don't involve environment variables or regular plain text files?

Edit: I think 1Password's op client has a good start in that each new "session" requires my authorization. So I can enable that tool for a cli sessions where I need some secrets but a rogue process that just tries to use the `op` binary isn't going to get to piggyback on that authorization. I'd get a new popup. But this is only step 1. Step 2 is...how to share that secret with the process that needs it and we are now back to the discussion above.

1: https://www.freedesktop.org/software/systemd/man/latest/syst...

vendiddy · 2 months ago
Not an answer, but I do wish there was a low level primitive and a corresponding high level language construct to pass around secrets.

Something like: my_secret = create_secret(value)

Then ideally it's an opaque value from that point on

vendiddy commented on Ask HN: Abandoned/dead projects you think died before their time and why?    · Posted by u/ofalkaed
mikewarot · 2 months ago
Google wave was built on an awesome technology layer, and they they totally blew in on the user interface.... deciding to treat it as a set of separate items instead of a single document everyone everywhere all at once could edit.... killed it.

It make it seem needlessly complicated, and effectively erased all the positives.

vendiddy · 2 months ago
I think this is spot on. A document metaphor would have made a Wave a lot easier to understand.
vendiddy commented on What is “good taste” in software engineering?   seangoedecke.com/taste/... · Posted by u/olayiwoladekoya
imiric · 3 months ago
> You break up things when it makes sense, not for the sake of it.

I never claimed otherwise.

> Having to jump out of the code you're reading comes with its own downsides and tends to compromise maintainability where you are increasing the shallowness of your code (higher api surface).

I don't buy this argument. The code you're reading should do one thing according to what it says on the tin (the function name). When the code does something else, you navigate to that other place (easily done in most IDEs), and change contexts. This context change is important, since humans struggle with keeping track of a lot of it at once. When you have to follow a single long function, the context is polluted with previous functionality, comments, variables, and so on, not unlike the scope of the program at that point. If you're changing the code, it becomes easier to shadow a previous variable, or to change something that subsequent code depends on. Decomposing the large function into smaller ones avoids all of this.

As well as aiding in testability, which you conveniently ignored from my previous comment.

The criteria for determining what is "short" and "long" is subjective, of course, and should be determined by whatever the team collectively agrees on. But there should be some accepted definition of these.

> Stanford professor Jon Ousterhout

Eh, I'm not swayed by arguments from authority. Jon's opinion is as valid as mine or yours.

vendiddy · 3 months ago
If you are breaking something up for "long" and "short" you're optimizing for the wrong thing. You don't care about code being short for its own sake or long for its own sake right?

Ultimately, you're going to revisit this code to make the change after some time passes. Is it easy to follow the code and make the change without making mistakes? Is it easy for someone else on the team to do the same?

Sometimes optimizing for "easy to understand and change" means breaking something apart. Sometimes it means combining things. I've read that John Carmack would frequently inline functions because it was too hard to follow.

So, rather than whether something is big or too small, I would ask whether it would be easy to understand/change when coming back to it after a few months.

Put another way: why not optimize for the actual thing you care about rather than an intermediate metric like LOC?

vendiddy commented on An adventure in writing compatible systems   turso.tech/blog/an-advent... · Posted by u/ezekg
rawxtl · 4 months ago
I don't even understand the point in rewriting something that is rock solid. And on top of that you guys are asking for full compatibility. This is just nonsense.
vendiddy · 4 months ago
I think it's a valid question, but it's better to assume they had their reasons and try to understand why before drawing conclusions.
v

u/vendiddy

KarmaCake day524June 13, 2012View Original