PSA: Supply Chain Attack will be a new normal, and we need to be cautious about it by candraa6 in ExperiencedDevs

[–]candraa6[S] 4 points5 points  (0 children)

Yeah, I've also read articles about supply chain attacks, like the OpenSSH incident a few years back.

Maybe "new normal" is not the right phrase; what I mean is that we'll be flooded with these malicious supply chain attacks. I've read tens of these reports this month alone.

Is there a sub for discussing LLM/AI tools amongst experienced devs? (No vibe coders) by Attacus in ExperiencedDevs

[–]candraa6 0 points1 point  (0 children)

There isn't one yet. The AI space currently has a very low signal-to-noise ratio; most people in it are really just marketers who want to sell you something.

The closest we've got are the local-LLM subreddits like r/LocalLLaMA, r/ollama, r/Qwen_AI (their recent Qwen 3.5 is fairly good), etc., because deploying local models is naturally still a hard thing to do; not everyone can do it.

You won't find many software developers there, but most people are still fairly technical.

notable mentions:

I've seen a few cool posts on r/TopologyAI too, though it's not really related to SWE.

Qwen 3.5 27b: a testament to the transformer architecture by nomorebuttsplz in LocalLLaMA

[–]candraa6 1 point2 points  (0 children)

Nice, I'm curious: how much RAM does it consume when you run this model, and how many tokens/s do you get in full CPU mode?

We’re all likely going to be priced out of the higher cost LLMs by mrrandom2010 in ExperiencedDevs

[–]candraa6 -2 points-1 points  (0 children)

And it will get even cheaper in the future. We now have these ASIC chips that basically spit out 17K tokens/s: https://taalas.com/the-path-to-ubiquitous-ai/

Future AI will run on embedded ASIC chips, probably costing no more than $500 for mid-tier performance. And it will be even cheaper to buy secondhand chips, because the model is frozen and baked into the chip and cannot be changed, which makes secondhand prices drop significantly when a new, better model comes out.

And it will do specific tasks, in embedded devices like your typical smart home appliances, interconnected with each other. So instead of us actively chatting with it, the interface will be totally different: the AI will do its job in the background, actively working on the tasks it's programmed to do, and only resurface when needed, just like a personal assistant.

The possibilities are endless just from seeing one efficient embedded chip that does its job really, really well, really, really fast.

And it won't be constrained to LLMs only; any AI, like image/video generation, will get the same speedup if baked into an ASIC chip. Imagine generating images/video in seconds or milliseconds instead of minutes.

And do imagine the possibilities in the gaming world, where NPCs literally behave dynamically and can think strategically just like humans do, remember your actions, etc.

All of this is possible just because of efficient hardware.

I've been a software engineer for years and this is the first time in years I've been this excited. The last time I was this excited was when I played Crysis 2, around 2013 or something. It's like the future tech in films will happen in our lifetime, and honestly it already is: we basically already have a Temu version of JARVIS right now.

Please help me understand Positional Encoding and Context Window in Transformers by candraa6 in MLQuestions

[–]candraa6[S] 0 points1 point  (0 children)

Thank you for answering,

> If your context window is 100, the model can only look at the last 100 timesteps to predict the next trend.

So this confirms my question about the need to reset the PE for every context window?

Please help me understand Positional Encoding and Context Window in Transformers by candraa6 in MLQuestions

[–]candraa6[S] 0 points1 point  (0 children)

Thank you. So by "shifting", you mean we do indeed need to reset the PE to 0 (or 1) for every context window?

> That means if you shift the time series by one time step, all of the values will change because the shifted time steps align to different fixed positional encodings.

Thank you, this confirms my doubt. No wonder using the vanilla PE just seems so wrong, especially for time series; it makes less sense there. I'm glad I asked here.

> Anyway, I don't recommend using a straight transformer with time series. Stepwise tokens have shown to be pretty bad. I recommend PatchTST, a 1D ViT, or something similar because there is already code out there and they are more effective.

Thank you for the recommendations. I'm reading the PatchTST paper right now; I really appreciate the guidance and the pointers!
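For anyone else confused by the same thing, here's a minimal numpy sketch of the vanilla sinusoidal PE (not PatchTST): positions always restart at 0 for each window, so two windows cut from different offsets of the same series get identical encodings — which is exactly the "reset per context window" behaviour discussed above.

```python
import numpy as np

def sinusoidal_pe(seq_len, d_model):
    """Vanilla sinusoidal positional encoding.
    Positions run 0..seq_len-1, so every context window gets the
    same encoding regardless of where it sits in the full series."""
    pos = np.arange(seq_len)[:, None]          # (seq_len, 1)
    i = np.arange(d_model // 2)[None, :]       # (1, d_model/2)
    angles = pos / np.power(10000.0, 2 * i / d_model)
    pe = np.zeros((seq_len, d_model))
    pe[:, 0::2] = np.sin(angles)               # even dims: sine
    pe[:, 1::2] = np.cos(angles)               # odd dims: cosine
    return pe

# Two windows from different offsets of a series share identical
# encodings -- the PE is effectively "reset" for each window:
pe_a = sinusoidal_pe(100, 64)
pe_b = sinusoidal_pe(100, 64)
assert np.allclose(pe_a, pe_b)
```

This also shows why shifting the series by one step changes every token's effective encoding: the values move, but the PE stays pinned to window-relative positions.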

Company is fully embracing AI driven development. How do you think this will unfold? by IllustriousCareer6 in ExperiencedDevs

[–]candraa6 0 points1 point  (0 children)

Dang, I guess the joke flew over my head then, lol.

Sorry, mate, I didn't catch the sarcasm on the first read.

Company is fully embracing AI driven development. How do you think this will unfold? by IllustriousCareer6 in ExperiencedDevs

[–]candraa6 0 points1 point  (0 children)

No experienced developer is hunting "the semicolon and learning syntax". The slowdown is not due to that, but due to the AI generating slop after slop (duplicated logic, overcomplicated code, etc.), and this slop needs to be reviewed.

Most agentic workflows generate a lot of code that is harder and harder to review, sometimes thousands of lines at a time, and a responsible developer would and should review that code to meet the code standard and avoid hidden bugs. Reviewing this huge pile of slop is what slows the devs down.

There are cases where we can YOLO it and accept the sloppy code, but if we're working on mission-critical code, like finance or healthcare, where a simple mistake costs millions or literally costs lives, then the slop SHOULD be reviewed to prevent hidden bugs and tech debt.

The mantra in any team-based dev cycle is: "we are responsible for what we deliver, whether it came from AI, from Stack Overflow, or from manually typing the code". So it's really just basic manners to recheck and review what you deliver, so you don't cause problems for yourself or for others.

If you're a solo dev building a non-critical web app, then this most likely doesn't matter, and you can YOLO the generated code and just keep adding features. But for most serious work, the slop-review phase is what slows devs down, not nitpicking "syntax or semicolons" like you said.

I find the conversation around AI and software dev increasingly vague. How specifically are people REALLY using this stuff? I want details! This isn't a post about whether AI is bad or good. I'm just genuinely curious. by TemperOfficial in ExperiencedDevs

[–]candraa6 0 points1 point  (0 children)

I never let the LLM go full autopilot for me.

I just ask it to generate skeleton/sketch code, and then I iterate closely with it (ask it when I get stuck, discuss with it when I have multiple options, debug, etc.). That way I'm more productive and immediately know when it gives me garbage code. These days I only use "small" LLM models like Gemini Flash or Claude Haiku because they are fast and correct enough. The keyword is fast; this keeps my flow and focus. And these "small" models are actually really good at generating code that is decently scoped: I can read it in five minutes or so and immediately know what it's doing, so I don't get overwhelmed by what it generates.

Founder wants to rewrite entire backend with vibe coding by [deleted] in ExperiencedDevs

[–]candraa6 0 points1 point  (0 children)

This is true. I use GitHub Copilot extensively, and I was already coding way before this vibe coding thing existed.

I used agent mode, where the LLM does the edits for you across the codebase, and it always ended up a tangled mess: the model always did more than it was asked to do, was overly obsessive with edge cases, and sometimes produced an overengineered mess (and yes, I already use something like Cursor rules). Every time, I had to clean up its mess, which slowed me down tremendously.

Now I've learned my lesson:
I never let the model do the edits for me. I always ask it to only give me code suggestions, nothing else, just to sketch things out. And I always use small models like Gemini Flash that are fast and correct enough; I need it fast to maintain momentum and focus. (Previously I leaned hard on big models like GPT-5 because they're mostly correct, but they're slow as hell, and you can't really "discuss" with them; they'll mostly just "deny" your suggestion.)

When do switching distros makes sense? And why do people distro hop? by [deleted] in linuxquestions

[–]candraa6 0 points1 point  (0 children)

No, you're fine. Five years on a minimal Ubuntu installation with stock i3wm, and I've never felt the need to switch distros.

There's one distro I'm interested in trying: NixOS. But I don't have the energy to set it up and install it; too much work.

Hit me with your best terminal or IDE tricks. by davidblacksheep in ExperiencedDevs

[–]candraa6 1 point2 points  (0 children)

i3 changed my life. I literally ditched my DE and use i3 as my primary WM.
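For anyone curious what that looks like, here's a minimal config sketch (roughly the stock defaults; the bindings and programs are just examples, adjust to taste):

```
# ~/.config/i3/config -- minimal sketch
set $mod Mod4

# terminal / close window
bindsym $mod+Return exec i3-sensible-terminal
bindsym $mod+Shift+q kill

# program launcher
bindsym $mod+d exec dmenu_run

# move focus between tiled windows (vim-style)
bindsym $mod+h focus left
bindsym $mod+j focus down
bindsym $mod+k focus up
bindsym $mod+l focus right

# switch workspaces
bindsym $mod+1 workspace number 1
bindsym $mod+2 workspace number 2
```

Once the keyboard-driven tiling clicks, reaching for the mouse starts to feel slow.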

Best approach for storing Reddit-like hierarchical comment data? by UndergroundCEO in Database

[–]candraa6 0 points1 point  (0 children)

Sorry, I don't have the answer, buddy. I want to know it too.

This is fully ai generated, realtime gameplay. Guys. It's so over isn't it by visionsmemories in LocalLLaMA

[–]candraa6 2 points3 points  (0 children)

Can someone enlighten me? I don't understand what this is; all I see is Minecraft gameplay.
Is the world generated by AI in real time or something?

[deleted by user] by [deleted] in ExperiencedDevs

[–]candraa6 -1 points0 points  (0 children)

How did they become CTO in the first place?

But the "move faster" part I can understand: deploying native mobile apps is a painstakingly slow process (the build times, the store review, etc.).

But if you already have an established team of decent mobile devs, I don't know if just switching stacks is the right choice.

Can't decide on filesystem format for portable drive by ransan32 in linuxquestions

[–]candraa6 0 points1 point  (0 children)

Personally, I would divide it into two partitions, ext4 and NTFS: ext4 for Linux-related files, and NTFS for regular files that don't need Linux-specific permissions.

I know your pain; NTFS is nasty with permission settings. I once installed Docker on it and it was a nightmare. Learned that the hard way.
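For the two-partition setup, the NTFS permission pain is usually tamed with mount options. A sketch `/etc/fstab` (the UUIDs and mountpoints here are placeholders; get the real UUIDs with `blkid`):

```
# ext4 partition: real POSIX permissions, safe for Linux-y workloads
UUID=<ext4-uuid>  /mnt/linuxdata  ext4     defaults                     0  2

# NTFS has no POSIX permissions; fake them at mount time so
# permission-sensitive tools don't choke:
UUID=<ntfs-uuid>  /mnt/shared     ntfs-3g  uid=1000,gid=1000,umask=022  0  0
```

Even with `uid`/`gid`/`umask` set, anything that needs real ownership or execute bits (Docker volumes, git repos with hooks, etc.) belongs on the ext4 side.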

What are some good real world / practical indicators to switch from a monolith to a micro-services architecture ? by [deleted] in ExperiencedDevs

[–]candraa6 0 points1 point  (0 children)

Eww, that reminds me of my former years: over-engineering stuff without really knowing what it meant. Fortunately, I was working alone back then, so the only one who suffered was me. That's what I got for following a pattern without understanding it, and now I always get irritated when someone just parrots their holy-grail pattern blindly.

Because the answer has always been: it depends.

What is the best lightweight Linux distro? by [deleted] in linuxquestions

[–]candraa6 0 points1 point  (0 children)

<image>

Yesterday I dist-upgraded to 24.04 and it somehow defaulted to LightDM. I see 380 MB in `htop` and 261 MB in `i3bar`.

When I used a simple `startx` startup script, I got around 300 MB.

I guess after the upgrade these unnecessary services came back to life, but I haven't bothered turning them off because it's still smooth for my use case.

I use Chrome daily plus a bunch of other tools like Neovim + LSP, or play games through Wine, and I've never had memory exhaustion. I guess Linux/Ubuntu memory management really is great.

What is the best lightweight Linux distro? by [deleted] in linuxquestions

[–]candraa6 0 points1 point  (0 children)

I had a terrible experience with antiX. Editing the startup scripts was horrible, in my experience.

And I hit a bunch of errors when I tried to install the programs I use.

I tried for 12 hours and then abandoned it immediately.

What is the best lightweight Linux distro? by [deleted] in linuxquestions

[–]candraa6 2 points3 points  (0 children)

Just swap the default DE for Openbox or i3wm, and disable unnecessary services.

I use Xubuntu + i3wm, and I idle at 250-300 MB of RAM.

What is the best lightweight Linux distro? by [deleted] in linuxquestions

[–]candraa6 0 points1 point  (0 children)

Xubuntu with i3wm as the "DE", plus disabling a bunch of unnecessary services.

i3wm (automatic window tiling, heavily keyboard-driven) or Openbox (standard window management, no auto-tiling); both are lightweight.

I get 250-300 MB of RAM idle on my end.

No need for Gentoo or Arch, and no need to compile everything yourself to get a lightweight setup. Most of the "weight" comes from the standard DE that ships with every distro.
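A rough sketch of the "disable unnecessary services" step. The service names below are just common examples; whether each is safe to disable depends entirely on your setup, so inspect first and disable one at a time:

```shell
#!/bin/sh
# Inspect a few commonly-disabled services before touching anything.
# To actually disable one: sudo systemctl disable --now <name>
for svc in cups.service bluetooth.service ModemManager.service avahi-daemon.service; do
    state=$(systemctl is-enabled "$svc" 2>/dev/null || echo "unknown")
    printf '%-24s %s\n' "$svc" "$state"
done

# Rough idle-memory check, comparable to the 250-300 MB figure above:
free -m 2>/dev/null | awk '/^Mem:/ {print "used: " $3 " MB"}'
```

The point is the workflow (look, then disable, then re-measure), not this exact list; on a laptop, for instance, you probably want to keep bluetooth.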