I don’t see where he admits what the headline claims.

I don’t see where in the article he “admits” what the headline claims.

I ran mine like this for years. Then a few weeks ago I installed Immich so we can browse photos directly from the NAS on our phone. That’s how it will stay. I don’t want it to turn into an application server.

Yeah, and this particular vulnerability is pretty obvious for even a moderately experienced developer. You’d really have to be pasting without thinking to let this one slip by.

That’s the point though: LLMs recycle junk information, including some potentially dangerous information, without any indication of the context. In a regular search of the web or of Stack Overflow, you’d probably see people commenting on how the code is vulnerable, but when you ask an LLM it doesn’t necessarily communicate that while still delivering the code.

Rust’s compiler is more picky than most, but is really impressive in how it explains the errors and advises on how to fix them. It’s a really good feature of Rust.

At one job I worked, no one could get a usable wifi signal. I snuck into the server room and found the networking guy had put the wifi access point inside a Faraday cage with the servers. So I took it out. The wifi worked after that.

It usually works, but it takes a few minutes to reprocess the files if your project or solution is big.

In the JetBrains IDEs (which, relatively speaking, I like), I have to use “Invalidate caches and restart” several times a day just to get past all the incorrect error highlighting.

You should refer to Visual Studio by its full title: “Visual Studio (not responding)”.

For personal use? I never do anything that would qualify as “auditing” the code. I might glance at it, but mostly out of curiosity. If I’m contributing then I’ll get to know the code as much as is needed for the thing I’m contributing, but still far from a proper audit. I think the idea that the open-source community is keeping a close eye on each other’s code is a bit of a myth. No one has the time, unless someone has the money to pay for an audit.

I don’t know whether corporations audit the open-source code they use, but in my experience it would be pretty hard to convince the typical executive that this is something worth investing in, like cybersecurity in general. They’d rather wait until disaster strikes then pay more.

The company now operates in 12 countries and employs around 20 people.

That sounds like hard work.

Obsidian’s only downside is that it’s closed source, but this is a big downside for some people.

Yes, Joplin achieves everything this proposal does and more.

I think you accidentally dropped your mic.

That sounds good, but when you start thinking about how to implement this practically, it seems like it would either be unfeasible or would fail to really address the problem.

Maybe the rule would be: Unicode is allowed only in resource files. It would make code comments awkward for many non-English-speaking programmers. But suppose you did it, then since URLs can include Unicode, it would become normal to put URLs in resource files. If the VCS flagged up Unicode commits in source code, it would have to give resource files a pass. So in any case where you’re not hardcoding a URL it wouldn’t flag up Unicode URL abuses like the one illustrated here. You wouldn’t really have fixed the problem, just hidden it in a different way. You’d still need to flag up ambiguous Unicode characters in resource files.

I just have the regular subscription. I wouldn’t pay for the lifetime one. I want to support them but I am not confident enough that they’ll be around for the long term since video hosting is a hard business to make money from.

I have stopped buying lifetime subscriptions to cloud services unless they pay off within a year or two since you can’t guarantee that they’ll be honoured. Any longer and you stand to lose too much money.

The LLM isn’t trained to be reliable, it’s trained to be confident.

And it’s promoted by business people with the exact same skill set who have been rewarded for it. I would argue though that there’s nothing wrong with what LLMs are doing: they’re doing what they were trained to do. The con is in how the confidently unreliable techbros sell it to us as a source of knowledge and understanding akin to a search engine, when it’s nothing of the sort.

Stadia was actually a good product

That’s how Google decides which ones to kill off.