LLMs, including open ones, are really good at this, it turns out. It stands to reason: there is tons of training material out there that they have no doubt consumed and are ready to regurgitate.
Yesterday I one-shotted several interactive pages that Qwen built out of straight HTML and JavaScript. I handed it my API (source code, not even a swagger, via an MCP that Qwen wrote for me), asked for a frontend, and it delivered. One page at a time to keep context down, and I might've gotten lucky on the first draw, but after the first one I told it to make the next ones like the first.
Can't say I've had that experience with backend languages & frameworks, including writing that same API, but perhaps I'm off the beaten path with those, or perhaps there's greater breadth of things to do vs. a narrower set of acceptance criteria? IDK.
Here I was sweating that I'd have to research and learn a current-day frontend framework. It felt like a magic wand using consumer-grade AI. HTML and plain old JavaScript were plenty.
Tangent but apropos of other contemporary threads on HN, it puts a spin on supply chain threats. There's no NPM or anything, except perhaps whatever mysteries are baked into the model.
It happens in the private sector too. I was involved in procurement at a megacorp for several years.
At one point one of my colleagues asked for assistance in getting an order of 500 iphones approved. As "spares".
Fortunately the corp had a policy that phone purchases needed to have a named individual declared.
I declined politely to assist.
It was common to see certain mid-level execs churning through 2x - 5x the equipment of ICs (who would never get out-of-lifecycle approvals anyway) and some quid pro quo stuff. As a fraction of their total comp it was modest ultimately, and for this reason my boss advised me to keep my mouth shut.
CNC milling is typically included in the bans being considered in various states.
While poetically consistent, it enlarges the crater around these bad laws if they are passed and enforced. Basically all new manufacturing setups will need to stop and reprogram to stop and start according to fluctuating rules designed by committee, and will need to be made brittle to prevent circumvention.
> need to stop and reprogram to stop and start according to fluctuating rules
Or just move to Texas. Or even Idaho or the Dakotas. Which, under a certain angle, is good: it would lessen the wealth and expertise imbalance between states.
I still hope that California comes to its senses before they would need to accept the moniker The Footgun State.
They do for reasons, but if those reasons are not compelling they will move. There are already machine shops all over - many tiny near-ghost towns have one (often not in city limits - farmers often have a side business and this is one option). If those machine shops can compete better because they don't have the regulation, the customers will find them.
As a sometimes peripheral and sometimes primary program manager for vulnerability disclosure, for companies you nearly can't avoid, $0.02 follows.
It's a signal vs noise thing. Most of the grief is caused by bottom feeders shoveling anything they can squint at and call a vulnerability and asking for money. Maybe once a month someone would run a free tool and blindly send snippets of the output promising the rest in exchange for payment. Or emailing the CFO and the General Counsel after being politely reminded to come back with high quality information, and then ignored until they do.
Your report on the other hand was high quality. I read all the reports that came my way, and good ones were fast tracked for fixes. I'd fix or mitigate them immediately if I had a way to do so without stopping business, and I'd go to the CISO, CTO, and the corresponding engineering manager if it mattered enough for immediate response.
I don't think I've met an LLM that is adversary resistant, and here are counterparties that are actively playing the field, to put it mildly.
The bug bounty service providers did an adequate job of filtering out junk reports. There was a survivorship bias, some of the bogus ones that got through had an uncanny ability to twist words.
From having worked at and consulted with security software producing companies as well as security software consuming ones, I would say the security companies are worse than average at security.
And their security teams more cynical.
Sometimes they deliberately hire lower aptitude candidates to run internal security to prevent them from getting distracted by the product.
In other cases they are getting high on their own supply, more or less.
Jack Welch style management seems to take a deeper toll in this sector.
It doesn't help that a lot of security software is pretty niche. It's unreasonable to expect most candidates to know it or have experience.
In one case I was one of exactly two people out of 500 that had used the product as a paying customer. Neither of us was in management.
After a year or two the CISO drifted over and asked me to show him how to use the product, but he was more interested in soundbites than actually using the system.
It became a powerpoint exercise and I collected my attaboy.
There are a lot of "do what I mean" type papercuts in OpenSCAD. BOSL2 is a library that, for me at least, takes away enough of them to make a rewarding experience. I still find myself brute forcing which axis to translate or rotate things the way I want.
Concur otherwise that OpenSCAD is parameter friendly. The lightbulb moment for me was when I finally grasped its functional grammar and leaned into it, esp. recursion instead of algebraic solutions. That should probably be the subject of a tutorial or several.
I like the way PrusaSlicer has a conspicuous setting to enable intermediate and advanced settings so that users can start with a less intimidating setup and opt in to the bells and whistles if and when they are ready.