This reminds me of some ways Microsoft used to try catching/dissuading leakers. If someone could find a source for these..
The Xbox 360's dashboard used to have 'aesthetic' rings that actually encoded your serial number, so they could catch leakers
I think I remember hearing somewhere (maybe Dave's Garage) about beta builds of Windows using intricate patterns as wallpapers to trick people into thinking it was also a leak prevention measure.
That’s orders of magnitude faster, especially if we assume they’re not running their workloads on potatoes like mine. Is Ruby’s syntax really that much more complicated than C++, or is this a tooling problem?
I don't think the post necessarily means it took multiple hours to format the codebase, I think they're probably just saying they worked on it off-hours and landed it while no one was working so that it didn't run into merge conflicts.
iirc they also vendor(ed) many of their dependencies, several layers deep, which still counts for "stores" though it's rather different than "wrote" / "maintains".
That sounds even more insane to me, but I guess most of that code does not really touch financial transactions, otherwise it would be a nightmare being responsible to verify that.
Ruby code touches financial transactions. Card payments were migrated to Java when I left in 2022. Non-card payments (e.g., ACH, checks, various wallets) were still processed by Ruby.
PCI-related/vaulting code lived in its own locked-down repo. I think that was a mix of Go and Ruby.
Once you have the foundations in place for account balances and the ledger, processing a payment isn’t that daunting. Those foundations, however, took a lot to build and evolve.
> Once you have the foundations in place for account balances and the ledger, processing a payment isn’t that daunting. Those foundations, however, took a lot to build and evolve.
Pretty much. I've worked at places with PHP payment processing that worked just fine, and at a place with C++ payment processing (and no testers) and it worked just fine. I wasn't around when the systems were first built though so not sure if there were tears along the way.
I recently wrote a very esoteric Python script. 100 lines of code. No classes, no functions, but yes argparse.
I've tried out the latest open source models on the task. They go bananas. It's like Enterprise fizzbuzz (https://github.com/enterprisequalitycoding/fizzbuzzenterpris...). They love classes and imports and reinventing the wheel. A great way for me to tell trash AI slop code is it'll define a useful constant then 15 lines later do it again with a different name.
They love making code that looks impressive. "Wow look at all the classes and functions. It's so scalable. It's so dynamic. It validates every minutae against multiple schema and solves a problem I never thought about." But it was trash code. One really was 400 lines and it didn't even look like it would work. Can't even imagine what it means for 4.5M moderately good human lines to become what? 27M fluffy filler repeat lines that don't even make sense?
Yeah maybe I need to do the old "you are a veteran engineer" nonsense. I've had some success telling it to implement everything it suggests and be production ready. I hate when it takes a shortcut and says I'll have to change it. That's kinda the whole point of me not writing the code...
Unless I’m mistaken, it’s a monorepo. So it’s not 25M LoC in a single app, it’s (all?) of their server-side code and shared libraries. There’s also a variety of other languages in use.
16 years and thousands of engineers write a lot of code.
International Baccalaureate math has some stats questions that require a calculator that can do stats questions. Not really possible by hand in exam conditions!
My Casio FX-260 Solar IIs [1][2] (I recently bought 3 more of them) cost me $5 CAD a piece on clearance at Walmart. No battery, a modern solar panel that works great even in dimly lit rooms, and a modern SOC with all the standard scientific calculations, scientific notation, engineering notation, significant figures, and all the basic stats calculations too (sum, mean, pop stddev, sample stddev, permutations, combinations, factorials).
It’s my favourite calculator and the one I always reach for, despite having a bunch of more complicated 2-line calculators etc. It’s just so easy to use and very fast to do anything I’d want with a calculator. If I need graphing I’ll reach for Desmos. If I need algebra I’ll use Sage. I haven’t used Sage since my undergrad, however.
The basic $12 Casio scientific has stats like mean, standard deviation, regression... Stats is a huge field, we're talking highschool level. I think it probably covers it
Oh that’s neat! Probably should’ve checked your link. Not sure what the advantage of the Ti-84 would be for highschool math, but the UX on NumWorks calculators is completely a game changer, especially with stats and graphing questions.
Maybe everything is possible on the Casio, but it’s so much clearer on the NumWorks (especially for eg. Physics questions, where you might want to retrieve values you calculated earlier with full precision, etc). Genuinely felt like a cheat code when I was in highschool. I showed mine to my teacher and they swapped the whole’s schools standard calculators from the Ti-84 CE to the NumWorks, which is cheaper too.
I wonder if it makes sense for browser vendors to agree upon and ship various ‘standard models’ that are released into the public domain or something, and the API lets you pick between them.
The models themselves would be standardized and the weights and everything should be identical between browsers. They’d be standard and ‘web-safe’ like CSS colors or fonts. Probably would help to give them really boring/unbranded names too. These would work identically across browsers and web developers can rely on them existing on modern setups.
If you want more models, you could install them as a user or your browser could ship them or the web developers could bundle them through a CDN (and another standard for shared big files across domains would probably be needed)
It doesn't make sense at all. So as a user how do you choose which model to use? There could be 3824 models to choose from. The browser might as well set one as default, and we all know how that goes (see: search engine).
Not to mention many other UX questions the come with this, most importantly, how unusable these local models are on regular 3-year old laptops that are constrained in RAM, GPU/CPU capability and likely disk space despite what enthusiasts say here. (They have a Macbook Pro with 32+GB of RAM, reports it works great with xyz model -- fine -- but somehow thinks it works for everyone and local models are the future.)
The Chrome model requires either "16 GB of RAM or more and 4 CPU cores or more" or "Strictly more than 4 GB of VRAM", and "22 GB of free space" (it uses around 4.4GB but it doesn't want to use the remaining free space).
The model is pretty slow on my M4 Pro mac.
The API allows the browser to use a cloud service instead, but then privacy is lower. So, more privacy for the rich.
> It doesn't make sense at all. So as a user how do you choose which model to use? There could be 3824 models to choose from. The browser might as well set one as default, and we all know how that goes (see: search engine).
...what's the exact problem here? Believe it or not, most non-tech-savvy users use the search engine just fine.
With regards to search engines, Google paid billions of dollars [0] to become the default on major browsers. I guess GP's implying that something similar might happen with LLMs.
The rate of model development is an issue here. Once there are many cross-origin models, it becomes a fingerprinting vector. Also even the small models are many GBs.
I think initiatives for forge federation are trying to do too much. When running a forge for a project, I'd don't want to be dealing with spam or large amounts of data from other instances. And people should be able to report bugs and upload attachments, without having to give permission to share those with other instances.
A good system to download and migrate issues and pull requests is important, but that doesn't require federation.
I would love to see a smaller scoped federation of:
- Forks across instances, including for the purpose of PRs (Git)
- Activity feeds and notifications (Activity or ATproto)
- Authentication and some user settings (OAuth)
Because we are headed into a world where attacks on project hosting are more common, and loss of issues/PRs can halt a project while setting up an alternative and attempting to restore archived information.
The attacks span from forged DMCA takedowns, to national blocking orders, to suspicion that a contributor is from a sanctioned country (whether they still live there or not), to rogue project admins, and some other more creative attacks.
Project infrastructure should be distributed, with copies of data in as many computers as possible, across as many jurisdictions as possible.
It's easier and enables more features to have 1 common platform.
For example, the social features of GitHub, which I like (like stars, browsing repositories by tags etc..)
But also For PRs, the way to make a pull request to a repo hosted at A, from your own node hosted at B.
And like other commenters said, you can do this workflow with git over email like a lot of projects to, but the main goal of the federation here to me is the user experience, the UI being able to link all of theses separate repositories, issues, PRs, etc, like everything was hosted at the same place.
I don’t know if it’s production ready yet, but tangled.org is a really interesting take on a forge and I’ve been watching it for a while. It decentralizes the centralized parts of GitHub in a pretty neat way. The biggest problem with forges that aren’t GitHub is people need to make and manage all these different accounts for each place they contribute (which almost certainly will lower the amount of people who do. Maybe this is a good thing these days though...)
Tangled uses the identity stuff from atproto which lets the important stuff (git, CI, etc) be decentralized while people only need one identity to contribute (and you can self host your PDS too). So nothing ends up being reliant on a third party.
I'm also closely following Tangled's development. Their two biggest weak points: lack of private repositories and ux design (which I don't have a problem with but I've seen many people mention) are both being worked on. Atproto is developing a permissioned data segment to the protocol, and Tangled just hired a designer. I'm excited for it.
>manage all these different accounts for each place they contribute
For me that's a minor problem. The struggle of working across multiple code forges or making my code available on multiple is syncing CI/CD, issues, releases between them. I don't have the energy to maintain multiple versions of a pipeline.
maybe, but tangled knots actually federate. you could contribute to repos on knot.ghostty.org and knot.tangled.org with the same account. no other platform permits one identity across instances.
I think the key point is that it's one atproto login/did to many forges 1:N in tangled.org's "knots" network without the reliance on a single host provider/instance like GitHub/GitLab/whatever as a single point of failure.
The way linked SVGs render from within img tags is basically perfect for SVG images (which as I understand is not standardized but is largely the same across browsers). External resources and scripting are blocked while still rendering nearly all SVGs correctly. And of course, any CSS is scoped to the SVG.
If someone formalizes this as a new format, please give it a new name! tvg tiny vector graphics? savg safe vector graphics?
And keep the scope as simple as possible so it actually ships! Don’t try implementing a binary format or something.
Maybe I'm missing something as I am not a frontend developer, but when you embed SVGs in an img tag as part of a Phoenix LiveView or even just a static component, you no longer get the ability to dynamically change paths/fills/colors with events coming from the server. Even if it's as simple as having a shape that you want to fill with a brand/highlight color, which at least for me is a common use case.
I wonder if it would be best if this was at the browser level as some sort of new format. Otherwise surely it would be really slow/cumbersome to deal with these in ‘user space’
This feels like a lot of work for low reward, the technical/business infrastructure would be wild. And if anyone wants to offload their prompts to users browsers, they might as well just use the Chrome API correctly? How many server side prompts would realistically be useful to offload to a low end model like this?
Plus even if you really wanted to do that, WebGPU exists and has for a while right?
Low per-device reward combined with a high user count - either by large legitimate players or by botnets - has been the monetisation strategy of most online enterprises.
> How many server side prompts would realistically be useful to offload to a low end model like this?
There's a lot of ways this API could go, e.g. more powerful models eventually, or perhaps integration with cloud models. For example, I could see Google trying to default Gemini as the model for users signed into Chrome
I think we’ll get more powerful models when they become reasonable to run on regular people’s computers, in which case the compute costs would hopefully fall enough that people don’t need to resort to this kind of weird stuff.
As for cloud models, that would be interesting, although I guess then the fraud would be easier in spoofing whatever parameters (ip address? domain name? some Chrome install identifier?) to get around whatever rate limiting they come up with, rather than actually using people’s computers.
Anyways I’m sure if it ends up being abused, they can throw a permissions dialog in front of it. Just need to figure out a way to make normal people understand.
Personally I think NextPad would’ve been a perfectly acceptable (and subjectively better) name
reply