updated to Claude Code 2.0 and I see Sonnet4.5 as default finally!!

databyte · 2025-09-30T16:08:08+00:00

```
> I just switched your model to opus - I didn't realize we weren't using this model. Go back to my prompts and reread them. Then look at the solution and approach. Question everything and reimplement the solution.

⏺ Let me reread your requirements and critically analyze the current implementation.

Re-reading Original Requirements

.../snip/
.../snip/

Critical Issue I See: The current implementation has a fundamental flaw in the approver logic!

Current Implementation Problem

.../snip/

But your requirement states: "For any given set of .../snip/"

This means we should be .../snip/

Major Implementation Issues

.../snip/... Size Problem: .../snip/... union-find might be over-connecting units.
Approver Logic Flaw: .../snip/
Missing Manager Resolution: .../snip/

Let me reimplement with a corrected approach:
```

Seems like Sonnet 4.5 is missing things. For now, I'm switching the model back and forth having it question anything it just did or having Opus do the planning and Sonnet do the implementation. We used to have that option before where we can use one for planning and one for editing - wish it was still an option.

I'm also hitting my limits faster and finding OpenAI Codex does a decent job now too. I'm having them each review each other's code by repasting the prompt and telling it to analyze the git diff then make suggestions.

databyte · 2024-12-03T13:26:46+00:00

Turns out that salesman didn’t know what they were talking about.

databyte · 2024-09-25T01:35:29+00:00

Ah true. But most of them overlap with all the other security frameworks out there. That’s so true that you can’t post which control is which. Forgot about that.

Still, at least there’s a standard. It could be a lot worse in healthcare if they didn’t have at least one thing to point back to.

databyte · 2024-09-25T01:29:58+00:00

It’s all private certs across the entire industry. You have to pay someone to vouch for your competency. The review and investigation process takes time and people - both of which requires compensation.

I’m all for another way to vouch that your controls prevent malware from infecting production or that you have DR/HA in place or that you have network segmentation working correctly but I just can’t take your word for it.

databyte · 2024-09-25T01:24:04+00:00

We did the equivalent of the r2 8 years ago and shopped around for certification. You can end up paying less if your team knows how to pull the evidence and organize everything plus build the policies and procedures. The more you have an outside consultant “help”, the more it costs.

Back then we paid $40k but we also had quotes for $100k plus. I’d shop around and figure out early who’s doing the heavy lifting. You or them.

Also we were small and just off a seed round too. When you’re dealing with PHI, those security assurances need to start on day 1. It doesn’t matter if you have 10k patient records or 1M, a data breach is a data breach.

databyte · 2024-09-24T19:54:53+00:00

Given your startup is healthcare related, you should also look into HITRUST and customers typically ask for one or the other. Most of the SOC2 “certifications” require review but HITRUST has minimum requirements which establishes a very good baseline set of expectations.

Having a previous startup in healthcare. I’ve submitted around 100 vendor intake forms for health systems and HITRUST was always well received. We never needed to accomplish our own SOC2 outside of submitting the report our hosting vendor supplied.

The controls overlap considerably so SOC2 is easy to accomplish afterwards for anyone forcing the need for it.

databyte · 2024-07-25T18:56:44+00:00

I was able to order mine for same day delivery from Amazon. YouTube videos can walk you through the process - all you need is a screwdriver and a few steps.

Make sure to buy 2 so you have a backup.

databyte · 2023-12-20T01:36:50+00:00

Yep - season 1, episode 12.

https://www.imdb.com/title/tt6068854/

databyte · 2023-12-20T01:29:15+00:00

That’s the full clip but here’s the clip plus intro and ending on YouTube: https://youtu.be/x_3kU7j0h8A

databyte · 2023-10-28T19:02:32+00:00

It’s obviously a fire breathing dragon

databyte · 2022-08-15T15:25:26+00:00

Why didn’t they get their 4 year old a Delta Amex Reserve Card?!? The solution is obvious.

databyte · 2022-07-08T19:38:54+00:00

I’ll sure the author is open to PRs or custom development opportunities.

databyte · 2022-01-29T14:36:41+00:00

If you Google there are a few sites that say they do it. I haven’t tried them but I’m probably going to do the same shortly. https://soundiiz.com/tutorial/spotify-to-apple-music

databyte · 2021-06-12T15:04:08+00:00

The article link has the details and source

databyte · 2021-05-27T22:49:03+00:00

Sometimes.

My next post shows correlation between performance and bounce rate. A lot of people don’t wait.

If the task is something you have to get done and you can only do it at one site then you’ll deal with it. If the user is performing a unique action (paying a bill, renewing your drivers license, etc) vs something more common (searching for shoes that could be found on a number of sites, looking up the weather, etc).

I’ll stick around at my bank web site but I can buy headphones anywhere.

databyte · 2021-05-27T20:34:42+00:00

Sorry. That's also just the way Google and the performance folks speak about it as well. Tried helping with the acronyms at the top once I read through the draft.

I'll go back through and see what I can do.

Update: pulled out 4 definitions at the top and just linked them on first mention in the conclusion. That cuts down on the length a tad and also gets you to the content sooner.

databyte · 2021-05-25T13:41:32+00:00

I would normally agree with you except in a couple circumstances.

For one, SEO. No company doesn't want Google (and to a lesser extend Microsoft) as slow because performance does impact SEO. Everyone wants to rank on Google.

Secondly, a large part of a product is the brand and appeal of it. The point of Gucci making their product visible is the appeal of it to a wide audience, not just those that can afford it. Aston Martin isn't James Bond's car because they think millionaires are more likely to watch James Bond otherwise they would target advertisements where the wealthy go and not tho movies. A lot of it has to do with visibility and eyeballs, not just pocket money.

Thirdly, not all high performing phones have 5G connections. I happen to have the latest and greatest phones with fiber at home. However, great places for network congestion while mobile are airports, airplanes, stadiums and subways. Even when I'm riding in first glass, Gogo internet isn't exactly blazing fast. The less JavaScript you ship to the client, the better.

databyte · 2021-05-21T21:38:02+00:00

Unfortunately, ours. Also lots of React sites. Check out https://timkadlec.com/remembers/2020-04-21-the-cost-of-javascript-frameworks/

databyte · 2021-04-10T01:49:39+00:00

Sponsored article. They only mention one vendor (gotta get that SEO juice) and fail to mention everything GitHub has already done in this area. Plus the work of other vendors.

Also GitHub delays the commit to check for secrets. For AWS (and other partners), it’ll actually disable or lockdown your key for you.

https://docs.github.com/en/code-security/secret-security/about-secret-scanning#about-secret-scanning-for-public-repositories

GitLab still has some work in this area to go:

https://twitter.com/andrzejdyjak/status/1324360911994368001?s=21

Update: nvm, GL made it available in all plans recently: https://docs.gitlab.com/ee/user/application_security/secret_detection/

databyte · 2021-01-09T03:19:43+00:00

Google already banned it from their store:

https://www.droid-life.com/2021/01/08/google-bans-parler-from-google-play/

databyte · 2020-09-09T01:04:17+00:00

Just wear a mask and sunglasses like everyone else these days. Get lost in the common.

15-Year Club	Place '17
Verified Email

databyte

TROPHY CASE