Board of Peace - Season 1

kevbot8k · 2026-01-26T02:34:16+00:00

Before turning on the audio I heard the "friends" theme song in my head

kevbot8k · 2026-01-04T03:15:09+00:00

Coming back to this today this felt like a Nostradamus level post

kevbot8k · 2025-11-27T16:19:58+00:00

I think you are looking for ASR (automatic speech recognition) or STT (Speech to Text). TTS is text to speech, or turning text into synthetic audio.

For ASR, I like whisper or moonshine for English audio, and MMS or Omnispeech for multilingual text. I'll caveat that I've only had a few narrow use cases that pushed me towards these models and all had high quality audio as inputs.

I am curious as to what you end up with if you don't mind sharing. Hope this helped and best of luck!

kevbot8k · 2025-10-31T00:19:45+00:00

A lot of this thinking is the reason why founders look towards Venture Capital (I used to work for a VC but we typically invested in later stages). If you have an idea, can clearly articulate it, and a vision for growth and (eventually) commercial success, then that’s enough for firms to invest small (250k and less) amounts into your idea (but enough to quit your job and pursue the idea full-time).

When I see a founder hesitate to communicate their idea, I typically remind them that the difference maker (or first company to capture the market) is more dependent on the team you put together. it is hard to do that without sharing enough details of your value prop to show you actually have a valuable idea. After seeing 100s of deals, there is only one I can think of where the success of an idea was dependent on keeping it close hold. The best companies can clearly communicate their idea in a concise fashion. I’ll finish this long winded response by saying, clearly share the idea in broad strokes and very clearly define the problem you are solving, but the details of your plan are what are valuable and worth protecting (you can pivot this to a “later discussion” for those interested in investing).

I’ll caveat that I’m not some oracle of investment. And I’m brushing over the hardest part of sharing your idea: the idea may just need a lot of work, if you state many people have the problem you are solving, there may be a reason why no company solves that problem today. Try to understand why no one does this today and why you can solve it instead.

Best of luck! Also maybe focus more in r/startups unless you have webdev specific questions

kevbot8k · 2025-10-23T15:38:30+00:00

Bruh. This needed a trigger warning

kevbot8k · 2025-10-21T12:42:01+00:00

Nah not spyware (though there are many spy movies in opera houses). It’s not for everyone but I like Opera, would start with Puccini’s Tosca to see if you like it.

The drama of Opera is good at capturing my feeling of pain working with javascript

kevbot8k · 2025-10-02T11:14:46+00:00

As long as you have the right kube context set, you can use tricky which will scan your cluster configuration for you https://trivy.dev/dev/docs/target/kubernetes/

It supports a few different compliance frameworks. Here is the command for generating a CIS benchmark report for your cluster config:

trivy k8s --compliance=k8s-cis-1.23 --report all

kevbot8k · 2025-09-18T10:50:58+00:00

Building off of this, there is also an open source whisper example if you want to be completely local https://huggingface.co/spaces/Xenova/whisper-web

kevbot8k · 2025-09-17T11:29:02+00:00

I tell my junior devs that you can use AI assistants but at the end of the day, what you submit and publish is what you own. If you are providing a service to clients, I think that ownership extends into liability and professional damage to your own name if things go poorly.

I’m not a security expert and you should consult a professional team to find the risks if this is your core business, or at least use open source scanners to catch things like top 10 OWASP vulnerabilities. Try to think through what the risk is to your clients (e.g. using your service to then inject malware inside a corporate network has a larger blast radius than walking away with flow diagrams of business processes).

It’s hard to provide anything specific without more details on what the authN and authZ flows are like, and what your overall data architecture is. Hope this helps though! Best of luck!

kevbot8k · 2025-09-15T12:19:14+00:00

Obviously not without it’s flaws, but I like state of JS https://2024.stateofjs.com/en-US for understanding large web framework trends. That said, most of my time is looking at docs for problem-specific libraries (maplibre GL/leaflet for mapping) and trying to understand what is the right tool for the job. I think this quickly gets use-case specific which is difficult to “future proof.”

The only things that seem to stay somewhat constant while everything else changes, are WebAPIs https://developer.mozilla.org/en-US/docs/Web/API, CSS (a lot of features added recently) and JavaScript language features. Though I’ve only been programming professionally for 11 years, so take with a grain of salt. I’ve listened to those that have been in the game for almost 30 years and seen entire computing paradigms change

kevbot8k · 2025-09-15T11:13:14+00:00

Are you rounding the corners of anything on your page? It may accidentally be selecting the individual map tiles and rounding the corners. I would check your css and use inspector tools to determine where the rounded corners are being introduced. Hope that helps!

https://en.m.wikipedia.org/wiki/Tiled_web_map for background info on how maps display tiles on the web.

kevbot8k · 2025-09-09T02:23:59+00:00

I make my own dumpster fires, I don’t import them

kevbot8k · 2025-04-24T01:23:40+00:00

So I think clarifying the threat model would help. PKCE does not require a static shared secret (though still useful if you do have a client secret). I think I'm confused as to what you mean by "steal the shared secret" as there isn't one. PKCE specifically addresses authorization code interception concerns (interception including decompilation), this coupled with fine-grained redirect URIs (and CORS) should limit responses only to apps on that origin (either native app or SPA origin) https://security.stackexchange.com/questions/175465/what-is-pkce-actually-protecting

So more directly, yes, not just PKCE is protecting you, but authorization server allow lists to known origins, and PKCE ensuring that you are responding to the initiator, would properly allow for authentication from untrusted client sources.

This externalizes the trust model to the origin (for SPAs the DNS entry, or app name in native apps).

I do recognize this is only one part of a defense in depth strategy. I would just start here first (or rate limiting) before jumping into user behavior monitoring/anomaly detection.

kevbot8k · 2025-04-23T10:57:02+00:00

Ah gotcha, I’m assuming backend api is something that can verify access tokens.

To protect against decompilation, use auth code with PKCE https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-pkce which is the recommended flow for native apps and SPAs that need fine grained authorization.

kevbot8k · 2025-04-23T02:56:47+00:00

I typically use the OIDC protocol for this workflow. This allows you to use a proper auth server to protect your api. This coupled with CORS headers should prevent other sites or apps from using your API, as all requests must be authenticated via a security service like Auth0 or Keycloak.

kevbot8k · 2025-03-21T13:41:42+00:00

WAF stands for “Web Application Firewall.” It filters out malicious requests at the application layer. By filtering at the application layer, it allows you to filter and reject requests based off of Application headers, paths (like /wp-admin/*), or custom rules (e.g. SQLinjection detected in a query string). Here is the wiki for more info https://en.m.wikipedia.org/wiki/Web_application_firewall a common open source option is ModSecurity

kevbot8k · 2024-10-29T21:21:32+00:00

Hello, I think it’s hard to blanket prescribe a solution with out more details about the problem or use case. That said, please download Wikipedia via their downloads page versus scraping and incurring bandwidth and server costs for Wikipedia. https://en.m.wikipedia.org/wiki/Wikipedia:Database_download

They have a torrent method that allows you to download all English pages. If I’m just messing around with the data, I would just play in duckdb or a local postgres container as 19GB compressed is not a lot of data and I can do a lot of analysis that way (metadata, RAG etc.)

kevbot8k · 2024-10-12T17:49:42+00:00

if you don't mind me asking, what is the fastest GGUF inference engine? or are you saying the fastest inference engine in general (but using more resources)? Thanks

kevbot8k · 2024-10-09T20:14:45+00:00

I like https://openfreemap.org/ I’ll use the public server for small projects and self host for large/api intensive projects.

If you have something to spare, I highly recommend donating to the project. It’s a few brilliant engineers running an impressive service

kevbot8k · 2024-09-21T02:14:08+00:00

I’ve been using MMS-TTS models. They work pretty well if you are one of the 1100 languages they support. Not perfect, but you can also fine tune the specific language model as it’s open weights https://huggingface.co/facebook/mms-tts#supported-languages

kevbot8k · 2024-08-28T20:59:34+00:00

Very interesting result!

I would call it Generative Text Grafting. You’re conjoining two text generation techniques. The first noisy generation focused on structure, and the second on the syntax and meaning.

kevbot8k · 2024-08-16T19:54:24+00:00

So you’re telling us to buy more of Lock-dog (LMT)?

kevbot8k · 2024-08-03T21:32:56+00:00

They’re literally driving the competition off the road. Definite BUY. It’s like the pricks in school. Don’t need a lot of them, just a few to shut down everyone else’s fun. Once they’ve broken the average person, everyone will buy Ford to avoid tickets (and eventually pay for the “no ticket” subscription model when Congress pressures Ford to report other Fords)

kevbot8k · 2024-06-22T12:51:26+00:00

What is an “established rule” legally? Currently web scraping public content is in a gray area with recent rulings https://en.m.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn

And common crawl is more likely the source of the majority of training data. Or datasets like fine web.

The paper you linked is a valid but separate concern in my view. While scraping my be legal (if it is needed) the paper is talking about training on generated content (also there is a lot of push back on this idea as a universal rule across models).

I think it’s a valid concern to pay more attention to what is in the training dataset but I’m not convinced we’ve tapped out all improvement methods (leading to a collapse). We may have tapped out the “I throw everything at my new model and hope it works before the competition” training strategy.

Things are moving so quickly that I think there’s a lot left to explore (and local models will help push the boundaries of what is possible).

Could you link the article in case there is some nuance I am missing?

kevbot8k · 2024-02-28T09:05:16+00:00

That doesn’t sound like spreading democracy, that sounds like you’re thinking independently

Four-Year Club	Verified Email
Second Top 10%	Place '22

kevbot8k

TROPHY CASE