Posts by froggreatest

29 publicly visible posts • joined 10 Jan 2022

Pokémon GO was an intelligence tool, claims Belarus military official

froggreatest

The message is clear

All military personnel must switch to using conventional methods when searching for Pokémon.

Google-commissioned report claims early adopters already enjoying fruits of gen-AI labor

froggreatest

> According to NRG, 56 percent (1,405) of executives reported that gen AI had in some way bolstered their org's security posture <…>

> <…> with 39 percent of enterprises having not yet implemented the technology in production.

Sounds like anyone who uses gen AI thinks it makes the company secure. Unless those percentages are for different groups of people.

Software innovation just isn't what it used to be, and Moxie Marlinspike blames Agile

froggreatest

Beautiful words but

I like the man and he inspires me. My life choices and the move towards improving the wand skills are partially influenced by him.

However I want to stress that nothing will change because the majority does not care about the quality of software or its security when buying it. The incentives effectively reward building features on top of each other. Nobody needs an engineer/developer that understands how packets traverse networks, how memory works or how cryptography aids in authentication. Everyone just needs a React dev who can put a button in their UI or a dev who can add another API endpoint, or the one who can render responses from OpenAI in the view.

Microsoft started prioritising security internally and dealing with the technical debt after recent failures. But if there are no failures in 6 months who says this practice will be maintained? The same applies to other companies. The future is bleak.

Google guru roasts useless phishing tests, calls for fire drill-style overhaul

froggreatest

Still useful

You need to be able to monitor if your phishing awareness training is effective. In my megacorp we do mandatory training and we also get phishing emails. The training says “if you get X then report it in Y” so the regular phishing campaigns give a measure of a variety of things. You see how many people reported, ignored and clicked after taking up training.

I do not know what happens to people who click the links though.

Local councils struggle with ill-fitting software despite spending billions with suppliers

froggreatest

councils do not like central gov

Multiple attempts have been made in the central gov already. But stop and think how many failures we had, most recently GDS and Verify, both good solutions IMO. There is no need to design anything in the gov at all, there are plenty of off-the-shelf solutions that can be bought. The issues in the procurement process exist although there is a central digital marketplace.

Gov should sit down and draft standards to implement, then suppliers could develop against those without the fear of anticipating more logo/colour changes in the sales process.

froggreatest

Re: Problems and solutions not welcome

There are a couple of reasons why generalised solutions do not get to the market (I was developing software for LAs before):

- The sales process is lengthy (months to years) for each LA meaning you need a bunch of salespeople

- By the time you scale to 10 LAs the legislation has a good chance of changing and your solution goes out the window

- There are not that many LAs so there is a hard growth cap for your product, repurposing for other markets is very difficult

- Councils like customisations and it is difficult to write software so that a lot can be changed. Think colours, branding, wording, Welsh might be necessary, one-off integrations with proprietary systems

- Folks working in councils “sometimes” do not understand their own processes well

- Integration usually needs to work without the involvement of their IT due to various issues like resource constraints and a difficult attitude to trying to solve issues

Google sues app devs, claims they're Play Store crypto scammers with 100k+ victims

froggreatest

Re: PlayStore

It feels like this approach Google took was to whitewash this issue. I mean will people even get their money back if Google wins? What about other scams?

Microsoft promises Copilot will be a 'moneymaker' in the long term

froggreatest

substandard?

> “… and people have very high expectations," he told an audience of investors

I think what he was saying is that people want a good product and not just some semi-finished crap bolted on OpenAI’s APIs.

Also, the claim it saves 10 hrs a week is baseless. I’m using these various tools daily and their effectiveness is marginal, akin to being introduced to a typeahead in the search.

There is potential for sure, discounting all of the hype, but it will be achieved by some other company capable of building better products.

UK finance minister promises NHS £3.4B IT investment to unlock £35B savings

froggreatest

Re: NHS IT

Oh yes, it goes very slowly and you need people on the ground to constantly persuade the folks and move the whole thing forward. Nothing can be done fast and there is a risk that some new legislation renders everything useless. But once it is in place you get your 5 year contracts and the stable revenue stream and you can be proud of doing something useful.

I would not be that harsh towards salaried people though, the responsibilities are quite high and they could always earn more in the industry. The fact that they can get those “IT” people is interesting though. Aside from that I found IT departments in public orgs terrible anyway, they are probably understaffed and constrained by contracts but still …

GitHub struggles to keep up with automated malicious forks

froggreatest

Re: Forks have always annoyed me

I have a suspicion that the word “fork” was not used in the same sense as it is presented in GitHub. The smarter way would be to create a clone repository without the actual fork; this would hide that direct relationship with the parent repo.

Google wants regulators to take Microsoft down a notch before it stifles AI

froggreatest

The pot calling the kettle black

The arguments are weak indeed. Google is losing big time in this race and they are mad. I suspect MS wants to have an alternative model selection in their products to show they allow customers to choose, which is a good thing. Google’s problem is that they do not care about their enterprise customers so those shun them, MS on the other hand promises gold and wine and more.

Yes MS is leading their customers to the Azure quicksand but the same applies to all public clouds. Azure is not great IMO, there are better alternatives like Huggingface to choose and run the models.

Forcing AI on developers is a bad idea that is going to happen

froggreatest

it just does not work

Regardless of whether it is IntelliJ or some other IDE like VSCode this is nothing new. The ML was there for quite some time helping us with autocomplete and other little bits that make your typing work 1% easier. The big problem I find with the current wave of these integrations is that they do not work well with simple stuff like writing a dot after some variable and then waiting to get a list of public methods, but instead getting a suggestion to write 77 lines of unrelated code.

The correctness argument is spot on. The suggestions require you to spend more time auditing, which is OK if you were writing it, but younger folks just trust it blindly.

Microsoft prices new Copilots for individuals and small biz vastly higher than M365 alone

froggreatest

Behaviour change is hard

The tools are useful for sure but this is like fiddling with “advanced options” in the application settings. One has to be very precise in their wording to get what they need. I know only a handful of people who are pedantic with text they write.

Another thing is that it requires a behaviour change which is extremely hard. Talking to the bot in the chat and asking it to fix the mistakes in its output adds a bunch of friction. All the time you need to tell it to be brief and concise to avoid generating a bunch of text that then needs to be read.

And the deal breaker is the safety features that prevent it from telling you how to do a petrol bomb or to tell an edgy joke, or how to write malware. Because why not?

Sandworm's Kyivstar attack should serve as a reminder of the Kremlin crew's 'global reach'

froggreatest

not enough talent

It is very difficult to understand what methods were used in the attack to gain such wide access. But more mitigations could have been applied long before. Nonetheless part of the problem is that telcos are not the ones offering top dollar for the engineering talent, not to mention that the country is at war and relies on its internal capacity. Security is not just an expense anymore and more pros should be present in such companies.

Microsoft kills off Windows app installation from the web, again

froggreatest

Re: In other news...

They are so focussed on their enterprise customers and usability of the legacy workarounds there is no resistance to some requests. Imagine VP asking you to enable this, just think of the promotion, bite the teeth, lalala.

Not even LinkedIn is that keen on Microsoft's cloud: Shift to Azure abandoned

froggreatest

Re: Big corp

I do have the experience and it is a bit more complicated. There are multiple reasons and one of them is that the incentives are aligned to favour new features and new products. Also, if a paying customer complains then mountains will be moved. Otherwise the amount of work you need to do and various checkboxes one needs to tick to fix some minor issue and roll it out globally is quite painful. “Bad people” exist but these days it is hard to slip something stupid into production due to many changes that happened in the past decade. To summarise it is a bit hard to iterate on a product in the big tech without substantial investment of energy, hence nobody fixes that annoying bug like a dropping bluetooth connection in Teams.

froggreatest

Re: Server

Another thing that might have caused it is the attrition of those people who know the systems inside out. The new ones are probably not able to and not willing to touch the old code. It is not like you will be able to brag about it or get some additional bonus/stocks for it.

Hundreds of thousands of dollars in crypto stolen after Ledger code poisoned

froggreatest

npm supply chain security

I thought npm had integrated with Google’s SLSA, but nothing came out of it? No added security? Also, the version pinning issue seems ridiculous, npm supports it and there is a way to lock specific versions for each dependency; the slippery details of this misfortune need to be cleared up.

Smells of cowboy stuff, I hope the lawsuits will trigger others to be “a bit” more careful.

AWS exec: 'Our understanding of open source has started to change'

froggreatest

a bit cold but necessary

Spot on, everything circles around the choice of a license. If you use MIT and then get angry at Amazon for commercialising on it then look into the mirror.

It is a bit harsh though because a lot of folks were brainwashed into believing the companies will either help you or pay you or make you famous or offer you the job, but it is imperative you use MIT or similar. It is all to make it easier to share code and make innovation faster.

It shows a lack of understanding about licensing and forward thinking. I do not blame anyone as this sort of stuff is not being taught everywhere.

Microsoft admits slim staff and broken automation contributed to Azure outage

froggreatest

Re: Everything is perfect, until it isn't

Bean counters are unaware of the failures per se. This is all to do with the management who green-light the fact that it is fine to have a few people. I believe one of the lessons here is that there should be a minimum of x people per some y size datacenter.

80% of execs regret calling employees back to the office

froggreatest

Re: We have expensive real estate.

> and often more effective

This only works if you have one main office and all employees work there. In my case I need to wait for the folks to wake up in the States and call them. No walking in the office will help. This applies to any sufficiently large or globally distributed company. Proper documentation, recordings, online meetings and collaboration on docs are the answer.

froggreatest

Re: unpopular opinion: no, WFH and WFO are not the same.

I was in a similar situation. My wife told me she hated the place and needed to move back, 3h away from the office. I decided to commute and just rent a spot like you. With time I spent less and less time in the office because it became evident this was just a waste of my time (we used to speak little and chat to each other to keep the history and to share with externals). The watercooler moments were non-existent. Eventually I ended up 100% from home. The boss also did that and subsequently got rid of the office.

Then Covid, change of jobs and I am still remote. We (at home) had some challenges though as it was not clear where to buy the property but we remained far from the capital in the end. The biggest issue for me now is that I could not even afford to do what I did before. But maybe I’ll never need that because the work shifted and currently the team consists of people who are distributed among multiple time zones. Going back to the office would be a joke as I would be alone amongst strangers.

Modular finds its Mojo, a Python superset with C-level speed

froggreatest

Not ready for development

A couple of days ago I wanted to write something with this new language. Unfortunately, you must ask for permission, and even then you can try it in an online notebook environment only.

If a developer cannot run it locally it’s a bit far away from adoption I guess.

As for the use cases I thought it might be a great fit for Robot OS or small devices like RPi, but I cannot test it to verify my assumptions at the moment.

Pushers of insecure software in Biden's crosshairs

froggreatest

It depends

If this materialises into something that triggers IETF efforts like SCITT then it is great - without standards we’ll be lost; if it forces more due diligence for software vendors (regular QA and pen tests where the results are visible to the purchaser) it is also great - managers will be forced to factor that into the price instead of “thinking” it will be ok.

Otherwise the software prices will skyrocket as nobody will want to claim responsibility for the bugs in OSS packages (although most of the product is made of those). OSS licensing already contains statements “use at your own risk”. The other option would be to build inhouse components but yeah it would be extremely expensive and bug ridden.

Also, if I (engineer) was asked to become responsible and face a possible jail term then I’d just quit and do my gardening. Some of the bugs are not just a simple mistake in a line of code but rather a collection of code changes made by all seasoned and junior engs and managers; or rather prototypes that became products :)

I’m gonna get my indemnity insurance before the price goes up.

Workday sued over its AI job screening tool, candidate claims discrimination

froggreatest

computer says no

Workday job application “portals” are quite terrible. Every time I applied it was necessary to fill in all of my details along with the job experience. The futuristic “import my cv” would always trip over in some places and I would need to fix the mistakes. Now if there is AI somewhere, I can only imagine how great it is.

This chap had to deal with such a crazy user experience 80-100 times.

Management of UK govt's £158b property estate held back by failed IT project

froggreatest

Hours spent in conference calls

This is a monumental integration job. You’d need to speak with every rep from each org to change even the smallest thing. Each change would take ages to do because departments have folks who are either too busy or too new to the job which makes it extremely hard to do even the simplest stuff. Then there are some exceptions in the system as usual, which is time consuming to implement.

I’ve been there, the projects take ages to agree upon (time=money), then you get the purchase order and something completely unexpected comes up from one of the users… You could easily burn through a mill a year and fail to deliver because of multiple reasons beyond your control.

Spruce up your CV or just bin it? Survey finds recruiters are considering alternatives

froggreatest

Increased competition

In the past year I’ve invested a lot of time to try and break into the top big tech companies. I’ve done multiple interviews and failed many many times. Not to mention automated reject responses after the time spent tailoring the CV and writing a damn cover letter, forget the cover letter - an essay about how I’m “naturally” fit to work in a particular company. Also, I’m now regularly doing those algorithmic type tests on Leetcode to be sure I can find an optimal algorithm for a given problem in a couple of seconds. I hate it so much but there is some silver lining to it, I got to know my preferred language more, which is not possible at work (the irony). I was forced to read and learn about the challenges in large system designs which is again not possible at work. Most importantly I realised that it became much harder to get a job despite the years of experience - we are competing with a new generation, in a global pool of talent for a limited amount of highly paid jobs. Another weird thing is that all big companies want to do like >5 interviews and this takes a monumental amount of time. Wish me luck I’m doing 3 interviews this week.

JavaScript dev deliberately screws up own popular npm packages to make a point of some sort

froggreatest

Re: Quantity of Downloads vs Requires

The numbers are scary but a bit misleading. In a naive js project (most of Github) you would automatically build it upon every commit or a PR which in turn does “npm install”. Now, PRs are automated these days through the use of various bots and could be opened/closed on a regular basis without the intervention of the programmer (more downloads). This does not mean that the software downloaded from NPM is deployed to a server, lambda, or becomes part of the website js code.

froggreatest

Software license is the answer

OMG how much open source we use at work (Fortune 100) and nobody has even the time to talk about it, let alone pay for it, or even dedicate some time to contribute. All we do is just glue it all together. If I had a company card I would definitely pay and support the maintainers but it is not how big companies operate. Also, nobody really cares because there is no accountability, I’m not going to push my manager tomorrow to pay some random developer I think needs support, I want to be promoted at the end of the day.

On the other hand why the hell do developers use those permissive MIT licenses and then sob when their code is monetised without leaving them any coins? Is there no license which would say it is free but only if your turnover is less than $250mil? Surely you want to retain some copyright power in these situations. Or maybe consider using a copyleft license to make sure future generations will have access to this code?