steph

joined 1 year ago
[–] steph@lemmy.clueware.org 2 points 11 months ago

MS Dos 5.0 on my first PC was a bit short on features and I had not enough money for Windows 3.1... I heard that American students were using something called Unix and that their was something close available through mail-order CDs. Yggdrasil CDs were cheap too!

[–] steph@lemmy.clueware.org 2 points 11 months ago

A merge from upstream once a day, at the beginning of the day.

I'm working on a DevOps setting, and even though we're a small team, we have about two to three changes going through the pipeline a day.

If you keep your fork too long without syncing, it just get more complicated to merge, and more importantly if you need help from the upstream change author they'll have moved on to another subject and the change won't be as fresh in their mind as if you had merged the day after they pushed it.

[–] steph@lemmy.clueware.org 2 points 11 months ago* (last edited 11 months ago) (2 children)

I've had that kind of reaction - on rebases also - and most times it was in fact a code smell pointing to a case of spaghetti code.

If you get to the point that you fear upstream merges/rebases into your WIP, stop for a second and ask yourself if maybe that might be an issue with too much interpendencies inside the code itself. Code should be as close to an directed acrylic graph as possible. (doesn't count, I was not speaking of git! :b )

[–] steph@lemmy.clueware.org 2 points 1 year ago

A process owned by any user will be able to exploit a userspace vulnerability, whatever this user is. Selinux, chroot, cgroups/containerization add a layer of protection to this, but any vulnerability that bypass these will be as exploitable from nobody as from any other local user. It will protect a user files from some access attempts but will fail to prevent any serious attack. And as usual when it comes to security, a false sense of security is worse than no security at all.

Remember that some exploits exist that can climb outside of a full-blown virtual machine to the virtualisation host, finding a user escalation vulnerability is even more likely.

The only real protection is an up-to-date system, sane user behavior and maybe a little bit of paranoia.

[–] steph@lemmy.clueware.org 1 points 1 year ago

Given this trend, GPT 5 or 6 will be trained on a majority of content from its previous versions, modeling them instead of the expect full range of language. Researchers have already tested the outcome of a model-in-loop with pictures, it was not pretty.

[–] steph@lemmy.clueware.org 1 points 1 year ago (3 children)

Each and every line of code you write is a liability. Even more so when you wrote it for someone else. You must always be able to rebuild it from source, at least as long as your client expect the software to work. If you feel it's not worth it, you probably low-balled the contract. If you don't want to maintain code, have the client pay a yearly maintenance fee, give the code and the responsibility to maintain it to your client at the end of development, or add a time limit to it's support.

There's no "maintenance mode" software: either it's in use and must be kept updated with regard to it's execution environment, or it's not used anymore and can be erased and forgotten. Doing differently opens too much security issues, which shouldn't be acceptable for us all as a trade.

[–] steph@lemmy.clueware.org 4 points 1 year ago (1 children)

Forewarning : ops here, I'm one of the few the bosses come to when the "quick code" in production goes sideways and the associated service goes down.

soapbox mode on

Pardon my french but that's a connerie.

Poorly written code, however fast it has been delivered, will translate ultimately into a range of problems going from customer insatisfaction to complete service outage, a spectrum of issues far more damageable than a late arrival on the market. I'd add that "quick and dirty code" is never "quick and dirty code with relevant, automated, test coverage", increasing the likelihood off aforementioned failures, the breadth of their impact and the difficulty to fix them.

Coincidentally , any news about yet another code-pissing LLM bothers me a tad, given that code-monkeys using such atrocities wouldn't know poorly written code from a shopping list to begin with, thus will never be able to maintain the produced gibberish.

[–] steph@lemmy.clueware.org 2 points 1 year ago

This one is interesting. What java bias is linked to user experience in Jetbrains products exactly?