Readit News
weitendorf commented on Vendors that treat single sign-on as a luxury feature   sso.tax/... · Posted by u/vinnyglennon
neilv · 5 days ago
> Single sign-on (SSO) is a mechanism for outsourcing the authentication for your website (or other product) to a third party identity provider, such as Google, Okta, Entra ID (Azure AD), PingFederate, etc.

Or the IdP is administered by the enterprise's own IT operation.

The outsourcing of your security to (and also consequently leaking information to) a third party IdP is a fairly new phenomenon in 'security'.

Someone must have paid a lot of money to promote that idea.

weitendorf · 5 days ago
Why? It is a screaming good deal for >90% of companies to take as many problems like “employee credentials can be used to access user passwords”, “we need to develop, release, operate, and support something where small mistakes introduce security breaches + hire people capable of properly doing that work”, and “if someone gets this private key they can use it to impersonate any user” off their plates as they can.

It’s good that Bob’s App Factory cares enough about security to hand off hard parts to Google for $X/mo if they’re not confident in their own ability to handle it better themselves. I trust Google more with my data than any other company in the world, including Bob’s. Bob’s a great guy but I doubt his IT department is reviewing every change in keycloak and preventing unilateral access to hmac keys.

weitendorf commented on Gartner's grift is about to unravel   dx.tips/gartner... · Posted by u/mooreds
weitendorf · 11 days ago
I think this assumes Gartner just coincidentally offers the right kind of branding and messaging to drive $100M+ technology spending decisions at the present time.

I have a feeling the people running such a successful marketing machine are smart enough to know that over time, decision makers' tastes and preferences will shift as younger generations age into their target audience. Maybe they won't be able to pull it off but I suspect they're well aware that millennials will be listening to something different from their conjoined triangles of success.

Lately I've been trying to reprogram myself to be more self-critical when I run into successful products that don't speak to my own personal tastes - it's really easy to just say "other people are stupid" but I don't think it's usually the full answer. Gartner is kind of like the technology Consumer Reports for F500 executives - it's not really any different from you looking at the rating breakdown for a vacuum cleaner or kitchen appliance back when Consumer Reports was the go-to source for product reviews.

Baby boomer executives are not stupid just because they couldn't tell you exactly how relational databases and Linux work. And it's gonna be a while until insanely busy and established 65 year olds start making significant purchasing decisions based on anime avatar tweets, so Gartner's audience definitely shouldn't be underestimated.

weitendorf commented on How well do coding agents use your library?   stackbench.ai/... · Posted by u/richardblythman
EGreg · 11 days ago
I guess that's why patents are annoying. I have been Mr. Open Source and against intellectual property for most of the past 15 years. But with AI companies rampantly taking everyone's work and repurposing it, and with VC companies not being very eager to invest in open source, I'm taking a different tack with my AI ventures.

My first two companies are radically open source, and no one cared:

https://github.com/Qbix

https://github.com/Intercoin

And this is what we're doing now with AI, but it's not going to be as open: https://engageusers.ai/deck.pdf

Don't worry, we're not looking to get into it with some random other projects. It's mostly to protect our business model against the Big Tech and enterprises.

weitendorf · 11 days ago
I think I gave you product feedback on Qbix at some point in the past. I also know several founders who’ve secured funding for open source products and built successful businesses off of them. Open-core is pretty popular out here in the Bay Area.

One thing I’ve learned since starting a company is that early on, your greatest asset is trust in your founder/brand, because it’s the only reason for someone to pay you for something until you get your shit together. I’ve personally had a hard time noticing it in myself sometimes, but I think it’s easy to overlook how outward signaling that might look like distrust (eg making users sign NDAs) damages your own ability to build trust. Since early startups tend to be considered untrustworthy by default it can be really counterproductive. Anyway, I appreciate your non-aggression policy

weitendorf commented on A case study in bad hiring practice and how to fix it   tomkranz.com/blog1/a-case... · Posted by u/prestelpirate
ch33zer · 11 days ago
I mean it's the law in California that job postings must include salary ranges since 2023, so it's more than 'boy sure would be nice if I knew the pay range before applying': https://www.cda.org/newsroom/employment-practices/pay-scale-...

weitendorf · 11 days ago
And the article is about Canonical making multiple job postings all around the world where California labor laws aren’t applicable…

Regardless, I think there are underrated issues with mandatory pay bands that aren’t obvious unless you’re on the hiring side. Let’s say you legitimately are open to hiring candidates from anywhere from $100k to $300k. For candidates closer to the $300k end they might not want to apply if they think they might get offered way less than they want, and it might attract a lot of candidates on the $100k end who will make it all the way through the process and then get upset when they’re not offered something closer to $300k. Also, for companies like Canonical, they have enough name recognition and genuine supporters that they probably don’t want to talk to candidates who are only applying because they saw a big number (and if they have to, it makes it harder for candidates that are better fits to get noticed).

There’s understandably a lot of strong feelings about hiring practices right now and I know a lot of candidates will tend to assume the worst because of how they’ve been treated by other companies. But sometimes companies just make multiple listings so they show up for candidates around the world instead of as a spam tactic, are flexible on salary, and have a culture that values different things.

weitendorf commented on A case study in bad hiring practice and how to fix it   tomkranz.com/blog1/a-case... · Posted by u/prestelpirate
weitendorf · 11 days ago
FTA: Also, there is no target salary or salary range. This is a red flag for a couple of reasons:

- It sends a message that the actual compensation is going to be rubbish.

- It sends a message (combined with the evidence from the advert spamming) that the hiring company will be paying different levels of compensation based on where the applicant lives.

That last one is particularly inexcusable. We call it a 'compensation package' for a reason: the employer is compensating the employee for using their expertise, time, and energy to make the employer money. It has nothing to do with the CoL where you live, and everything to do with how much the company values you in that role.

——-

While I mostly agree with the sentiment I think this is pretty normal and not nearly as much of a faux pas as the author is making it out to be. Kinda applies to a lot of his points - some of these aren’t unequivocally bad hiring practices, they are just polarizing or a matter of pros and cons.

Hot take: a lot of job openings for highly specialized skills or from small-medium sized businesses are not posted with specific salary bands in mind, just “as much as it takes to get a great candidate, but not more than their expected value”. In some cases you could legitimately be open to candidates costing anywhere between $80k and $500k - it looks weird to list a job that way, would you do it? Maybe it turns some candidates off, maybe it prevents scaring off candidates who would be great fits and accept the offer. Maybe it’s not worth getting upset about

weitendorf commented on How well do coding agents use your library?   stackbench.ai/... · Posted by u/richardblythman
9rx · 11 days ago
What do coding agents need my library for?

Don't they know how to write their own code? Isn't that a coding agent's entire purpose in life?

There must be conflicting definitions out there. What does "coding agent" mean in this context?

weitendorf · 11 days ago
Why did my engineering team handle payments through Stripe instead of building a custom payment processor? Aren’t they supposed to be engineering things?

weitendorf commented on How well do coding agents use your library?   stackbench.ai/... · Posted by u/richardblythman
bcrosby95 · 11 days ago
It's a neat idea. But if, as we're told, LLMs will get better and better, something like this, in theory, will be increasingly unnecessary.

I feel like most of the problems with AI using a library is how we mix code and implementation. C, C++ got it right (even if by accident) with separating specification from implementation.

Instead of lamenting the design trend of not maintaining this split, for my own code I wrote a utility to extract specifications from my existing code.

weitendorf · 11 days ago
Respectfully, I disagree. It is much faster and cheaper to direct an LLM to add a call to a battle-tested library that encapsulates complex logic than it is to design and implement that logic from scratch, even if it’s capable of that.

We’re betting on almost the exact opposite idea: we can make agentic software engineering cheaper and more reliable by making it easy for LLMs to write, find, and integrate libraries and other third party software.

weitendorf commented on How well do coding agents use your library?   stackbench.ai/... · Posted by u/richardblythman
EGreg · 11 days ago
I made a provisional patent this year, about how exactly I would solve this problem. Imagine hiring a "team of developers" who can learn your library and iterate 24/7, improving things, doing support, even letting the pointy-haired boss turn his ideas into reality in a forked sandbox on the weekend.

For the last 15 years I've been writing against software patents, and producing open source software that cost me about $1M to develop, but in the case of AI, I have started to make an exception. I have also rethought how I am going to do open source vs closed source in my AI business. A few weeks ago I posted on HN asking whether it's a good idea, and no one responded: https://news.ycombinator.com/item?id=44425545

(If anyone wants to work with me on this, hit me up, email is in my profile)

weitendorf · 11 days ago
I hope we don’t have to challenge it!

We’re trying to build a similar kind of experience but for both “sides” of the problem: software provider and software users/integrators.

weitendorf commented on How well do coding agents use your library?   stackbench.ai/... · Posted by u/richardblythman
richardblythman · 11 days ago
If coding agents are the new entry point to your library, how sure are you that they’re using it well?

I asked this question to about 50 library maintainers and dev tool builders, and the majority didn't really know.

Existing code generation benchmarks focus mainly on self-contained code snippets and compare models not agents. Almost none focus on library-specific generation.

So we built a simple app to test how well coding agents interact with libraries:

• Takes your library’s docs
• Automatically extracts usage examples
• Tasks AI agents (like Claude Code) with generating those examples from scratch
• Logs mistakes and analyzes performance

We’re testing libraries now, but it’s early days. If you're interested: Input your library, see what breaks, spot patterns, and share the results below.

We plan to expand to more coding agents, more library-specific tasks, and new metrics. Let us know what we should prioritize next.

weitendorf · 11 days ago
Let’s meet and see if it might make sense for us to team up. We’re working on this from the agent/library-specific-task side, and we might be better than chatgpt at marketing your product :)

weitendorf commented on How well do coding agents use your library?   stackbench.ai/... · Posted by u/richardblythman
weitendorf · 11 days ago
We’ve been working on this problem off and on for over a year now. Many models bake knowledge of particular tools/libraries/patterns into their weights very well and others quite poorly. In my experience Claude is quite good at integrating the dog.ceo API and noticeably ignorant when it comes to Postgres features, and it knows gcloud commands enough to very confidently and consistently hallucinate arguments.

We’ve baked a solution to this into our product, so if anybody is working on an API/SDK/etc feel free to contact me if your users are running into problems using LLMs to integrate them.

One thing we’ve noticed is that subtle changes to library/api integration prompts’ context can be surprisingly impactful. LLMs do very well with example commands and explicit instructions to consider X, Y, and Z. If you just dump an API reference and information that implicitly suggests that X, Y, and Z might be beneficial, they won’t reliably make the logical leaps you want them to unless you let them iterate or “think” (spend more tokens) more. But you can’t as easily provide an example for everything, and the ones you do will bias the models towards them, so you may need a bit of both.

u/weitendorf

Karma: 807 · Cake day: December 3, 2019
About
Fred Weitendorf

Founder at Accretional (accretional.com). Hit me up if you want to try a new way to use LLMs to write and call software, or if using cloud products regularly pisses you off.

Formerly at Google where I worked on Serverless Computing (making your instance and requests go brr) for Google Cloud Functions + Cloud Run + AppEngine. Extra formerly at Microsoft.

Opinions my own. I am not a lawyer or financial advisor. UNDER PENALTY OF LAW TAG NOT TO BE REMOVED EXCEPT BY CONSUMER

contact: firstname at accretional.com, or https://www.linkedin.com/in/fred-weitendorf-40b505b6/
