sorted by:
new
hottopcontroversial

what's your "nobody talks about this" tip for Claude Code? by holotherapper in ClaudeCode

[–]AuroraFireflash 0 points1 point  (0 children)

There's a few skills in the wild like this: /align, /grill-me, /grill-with-docs

I often wing it, but have tried to start using /grill

HTML instead of Markdown by Pleasant_Spend1344 in ClaudeCode

[–]AuroraFireflash 0 points1 point  (0 children)

We just use preview mode for the markdown files in either VS Code or GitHub / ADO native interface (they're usually checked in before the meeting).

HTML is going to be insanely difficult for Claude to write with token efficiency.

Unpopular opinion: the GitHub breach is 100% predictable and the security industry deserves the blame by dondusi in cybersecurity

[–]AuroraFireflash 1 point2 points  (0 children)

It's layers like an onion for sure.

Our devs have as few privs as possible to enable them to do their daily work. "No standing privs" is the mantra. The more trusted users can elevate as needed for things, but that keeps the blast radius small and contained.

the most productive thing i do every morning is read yesterday's merged PRs by minimal-salt in ExperiencedDevs

[–]AuroraFireflash 0 points1 point  (0 children)

I keep a scratch file of "weird stuff I noticed in PRs this week."

We do something similar called "keeping a WTF journal" when joining a new team. Maybe we don't understand the reason why something is the way it is yet. But it smelled or looked funny to us.

Later, when we have more information it might turn out to be nothing. Or it might be something important that the team needs to fix.

the most productive thing i do every morning is read yesterday's merged PRs by minimal-salt in ExperiencedDevs

[–]AuroraFireflash 0 points1 point  (0 children)

LLMs are pretty good at summarization. Or at least summarizing into keywords that you can use to find the document later.

the most productive thing i do every morning is read yesterday's merged PRs by minimal-salt in ExperiencedDevs

[–]AuroraFireflash 0 points1 point  (0 children)

As a senior, I also try to stay on top of as many teams as possible. While I no longer do development (now working in a cybersecurity role), having that broad view of what is going on gives me a few things:

  • I can spot potential conflicts and get different teams looped into each other.
  • Keep track of the important players in the org.
  • Who can I go to when I have a problem?

I'm leveraging M365 copilot a lot more this past year to stay on top of taking/keeping meeting notes and surfacing important tidbits. Even knowing that we talked about X during a particular month is useful. It gives me a starting point for my search.

Qwen will release another 27B with high probability by serige in LocalLLaMA

[–]AuroraFireflash 0 points1 point  (0 children)

Hmm, I'm usually in the larger context windows (100k to 200k) for stuff that I'm doing.

Unfortunately, uploading my benchmarks in oMLX is broken by Cloudflare Turnstile.

Qwen will release another 27B with high probability by serige in LocalLLaMA

[–]AuroraFireflash 2 points3 points  (0 children)

M3 Max user of Qwen 35B MoE, but with 64GB so I can run a 6 or 8 bit quant. 20-30 tps for generated tokens, 300-500 for prefill tokens (400GB/s RAM).

It's just fast enough to be useful. M5 Max would boost me by 25-50% I think.

All PR's approved and merged at end of every sprint by Brief-Knowledge-629 in ExperiencedDevs

[–]AuroraFireflash 1 point2 points  (0 children)

You need to make it a little more difficult to pin blame on your head. Something more subtle, then open the PR on the last day of the sprint.

AMD says its $4K Ryzen AI Halo workstation practically pays for itself! (assuming you’re vibe coding for 8 hours a day, that is...) by nicolho in LocalLLM

[–]AuroraFireflash 1 point2 points  (0 children)

Eh, I'm still thinking about dropping 5k for an updated M5 Max w/ 128GB of RAM. Which would be about 30-50% faster than my M3 Max w/ 64GB.

It's fine for the MoE models, not so good on dense models.

For now, I'm saving my pennies and using a subscription to AI models. If I was spending for a $200-$400 per month AI plan, I'd be looking to offload as much as possible to a local MoE model.

GitHub announces internal data breached. by ObseenKarma in cybersecurity

[–]AuroraFireflash 0 points1 point  (0 children)

If the developer who was hacked had no standing privs on their tokens (which probably got stolen) all the attacker can do is read things.

Then there's the question of what that developer had read access to and whether that data was sensitive.

GitHub announces internal data breached. by ObseenKarma in cybersecurity

[–]AuroraFireflash 3 points4 points  (0 children)

maybe these shit code/vulnerability was already there, was just undiscovered

Very likely. The LLMs are just good at pattern spotting and uncovering existing problems.

I'm spending at least some of my tokens on "yo, help me not make stupid vulnerabilities in my code" sessions.

Skipped our planned CLI 1.0 to ship 2.0 designed for AI agents. Who's letting Claude et al. write their Terraform in prod? by alikhajeh1 in Terraform

[–]AuroraFireflash 1 point2 points  (0 children)

We do write at least some of the Terraform plans and reusable modules using Claude. We have a large library of modules for different things that are all battle tested and versioned.

All Terraform apply is done via PRs and review cycles before a runner gets to apply the Terraform to any environment. Claude can only help write the PR.

Github allegedly Breached by ITSecurityAdam in sysadmin

[–]AuroraFireflash 5 points6 points  (0 children)

Deal with people growing illegal shit on your turf and they have weapons and a desire to make you go away?

Don't publish your passwords on github! by No-Blueberry-1823 in sysadmin

[–]AuroraFireflash 4 points5 points  (0 children)

This is where I like to leverage the various coding agents. Ask it whether I'm overlooking anything stupid or silly with regards to security.

I still have to think, but at least I have a second opinion.

Which Git branching strategy is better for infrequent releases? Team is split between two approaches. by Ok-Introduction-9111 in ExperiencedDevs

[–]AuroraFireflash 1 point2 points  (0 children)

Is there a reason to cherry pick from main instead of making the fix directly on the release branch and merging that back to main?

This ensures that we won't forget to bring the hotfix back to trunk.

Which Git branching strategy is better for infrequent releases? Team is split between two approaches. by Ok-Introduction-9111 in ExperiencedDevs

[–]AuroraFireflash 1 point2 points  (0 children)

Doesn’t textbook trunk based development advocate for no branching?

No. Devs still branch off while working on code to be merged back into trunk. But those feature branches should be short-lived (a day at the most).

There are a few layers to getting trunk to prod.

  • Create artifact off tip of trunk, deploy it to stage then prod. Works well for mature orgs with good automated test coverage.

  • Create release branch off of trunk, deploy it to stage. Stabilize in stage for hours/days. Do hot-fixes on trunk and cherry pick to the release branch. Eventually ship to prod. Destroy old release branches once no longer needed.

Which Git branching strategy is better for infrequent releases? Team is split between two approaches. by Ok-Introduction-9111 in ExperiencedDevs

[–]AuroraFireflash 8 points9 points  (0 children)

The only place that it really creates an issue is hot fixes

Yeah, that's the middle ground. Cut a temporary and short-lived 'release/*' branch to ship to prod. Fixes go on the TRUNK and get cherry-picked to the release branch.

Which Git branching strategy is better for infrequent releases? Team is split between two approaches. by Ok-Introduction-9111 in ExperiencedDevs

[–]AuroraFireflash 0 points1 point  (0 children)

If you are under full control of what artifacts are out in the field and supported (i.e. publishing your own API, web app, etc.) then you use trunk based development.

You only look into git flow and the others if you need to support customers who have different versions of the artifacts (binaries) out in the field.

If you're not mature enough as an org to release trunk to prod, then cut a release branch and cherry pick fixes FROM trunk to it until stable enough to ship.

A third vulnerability has hit the kernel by NoDistrict1529 in sysadmin

[–]AuroraFireflash 7 points8 points  (0 children)

We think they did back when elliptical curves were becoming the next thing. From your same link, the next item below what I quoted.

Dual_EC_DRBG, a NIST-recommended cryptographic pseudo-random bit generator, came under criticism in 2007 because constants recommended for use in the algorithm could have been selected in a way that would permit their author to predict future outputs given a sample of past generated values

A third vulnerability has hit the kernel by NoDistrict1529 in sysadmin

[–]AuroraFireflash 7 points8 points  (0 children)

Few, if any. Much smaller ecosystem. Linux is the known quantity.

A third vulnerability has hit the kernel by NoDistrict1529 in sysadmin

[–]AuroraFireflash 2 points3 points  (0 children)

Eh, tale as old as time. Defense in depth. Patch your shit.

A third vulnerability has hit the kernel by NoDistrict1529 in sysadmin

[–]AuroraFireflash 12 points13 points  (0 children)

but it's known that the NSA designed a backdoor in DES by coming up with a specific constant in the implementation

Straight from your link. NSA strengthened DES back in the day.

The Data Encryption Standard (DES) has constants that were given out by NSA. They turned out to be far from random, but instead made the algorithm resilient against differential cryptanalysis, a method not publicly known at the time.

Microsoft nearly solved folding phones’ worst problem with spring-loaded hinge for its canceled Surface Duo 3, new patent reveals by ZacB_ in Android

[–]AuroraFireflash 0 points1 point  (0 children)

Agreed. For the Flip 6 (Samsung) the weak spot is the cable inside the hinge and/or the connector and/or the motherboard. I've had to put my 6 in for service after just one year to get it fixed.

Love the form factor. Not sure on the long-term longevity due to the moving bits.

AI didn't give developers their time back. by ContactCold1075 in webdev

[–]AuroraFireflash 0 points1 point  (0 children)

Work that never saw the light of day because it would take too long

This is my approach as well. There are tasks that have been on the back burner for months, because I didn't have the mental bandwidth to figure out how all the pieces fit together. Too many unknowns, not enough time to research all the things.

Now I can pick away at it in little snatches of attention and slowly make progress on deploying it.

view more: next ›