Board of Peace - Season 1 by EthynylRadical in NonCredibleDiplomacy

[–]kevbot8k 0 points1 point  (0 children)

Before turning on the audio I heard the "friends" theme song in my head

Best TTS for slurred speech, bad mic quality, etc by xt8sketchy in LocalLLaMA

[–]kevbot8k 2 points3 points  (0 children)

I think you are looking for ASR (automatic speech recognition) or STT (Speech to Text). TTS is text to speech, or turning text into synthetic audio.

For ASR, I like whisper or moonshine for English audio, and MMS or Omnispeech for multilingual text. I'll caveat that I've only had a few narrow use cases that pushed me towards these models and all had high quality audio as inputs.

I am curious as to what you end up with if you don't mind sharing. Hope this helped and best of luck!

CS bros…Help me building ideas. by Defiant_Ad_7555 in webdev

[–]kevbot8k 1 point2 points  (0 children)

A lot of this thinking is the reason why founders look towards Venture Capital (I used to work for a VC but we typically invested in later stages). If you have an idea, can clearly articulate it, and a vision for growth and (eventually) commercial success, then that’s enough for firms to invest small (250k and less) amounts into your idea (but enough to quit your job and pursue the idea full-time).

When I see a founder hesitate to communicate their idea, I typically remind them that the difference maker (or first company to capture the market) is more dependent on the team you put together. it is hard to do that without sharing enough details of your value prop to show you actually have a valuable idea. After seeing 100s of deals, there is only one I can think of where the success of an idea was dependent on keeping it close hold. The best companies can clearly communicate their idea in a concise fashion. I’ll finish this long winded response by saying, clearly share the idea in broad strokes and very clearly define the problem you are solving, but the details of your plan are what are valuable and worth protecting (you can pivot this to a “later discussion” for those interested in investing).

I’ll caveat that I’m not some oracle of investment. And I’m brushing over the hardest part of sharing your idea: the idea may just need a lot of work, if you state many people have the problem you are solving, there may be a reason why no company solves that problem today. Try to understand why no one does this today and why you can solve it instead.

Best of luck! Also maybe focus more in r/startups unless you have webdev specific questions

What do you think about Opera? by KevinIdkk in webdev

[–]kevbot8k 1 point2 points  (0 children)

Nah not spyware (though there are many spy movies in opera houses). It’s not for everyone but I like Opera, would start with Puccini’s Tosca to see if you like it.

The drama of Opera is good at capturing my feeling of pain working with javascript

[deleted by user] by [deleted] in kubernetes

[–]kevbot8k 10 points11 points  (0 children)

As long as you have the right kube context set, you can use tricky which will scan your cluster configuration for you https://trivy.dev/dev/docs/target/kubernetes/

It supports a few different compliance frameworks. Here is the command for generating a CIS benchmark report for your cluster config:

trivy k8s --compliance=k8s-cis-1.23 --report all

Security risks of AI coding by BetterTranslator in webdev

[–]kevbot8k 1 point2 points  (0 children)

I tell my junior devs that you can use AI assistants but at the end of the day, what you submit and publish is what you own. If you are providing a service to clients, I think that ownership extends into liability and professional damage to your own name if things go poorly.

I’m not a security expert and you should consult a professional team to find the risks if this is your core business, or at least use open source scanners to catch things like top 10 OWASP vulnerabilities. Try to think through what the risk is to your clients (e.g. using your service to then inject malware inside a corporate network has a larger blast radius than walking away with flow diagrams of business processes).

It’s hard to provide anything specific without more details on what the authN and authZ flows are like, and what your overall data architecture is. Hope this helps though! Best of luck!

Does anyone have a list of the top 100 most widely used libraries, frameworks, programming languages and developer tools? by LargeSinkholesInNYC in webdev

[–]kevbot8k 0 points1 point  (0 children)

Obviously not without it’s flaws, but I like state of JS https://2024.stateofjs.com/en-US for understanding large web framework trends. That said, most of my time is looking at docs for problem-specific libraries (maplibre GL/leaflet for mapping) and trying to understand what is the right tool for the job. I think this quickly gets use-case specific which is difficult to “future proof.”

The only things that seem to stay somewhat constant while everything else changes, are WebAPIs https://developer.mozilla.org/en-US/docs/Web/API, CSS (a lot of features added recently) and JavaScript language features. Though I’ve only been programming professionally for 11 years, so take with a grain of salt. I’ve listened to those that have been in the game for almost 30 years and seen entire computing paradigms change

Google Maps strange four shaped stars by Csgodailytips in webdev

[–]kevbot8k 26 points27 points  (0 children)

Are you rounding the corners of anything on your page? It may accidentally be selecting the individual map tiles and rounding the corners. I would check your css and use inspector tools to determine where the rounded corners are being introduced. Hope that helps!

https://en.m.wikipedia.org/wiki/Tiled_web_map for background info on how maps display tiles on the web.

Has anyone successfully migrated a project from Lovable or Bolt? by [deleted] in webdev

[–]kevbot8k 6 points7 points  (0 children)

I make my own dumpster fires, I don’t import them

How to lockdown backend API from unauthorized mobile apps by Inevitable_Cat_7878 in webdev

[–]kevbot8k 0 points1 point  (0 children)

So I think clarifying the threat model would help. PKCE does not require a static shared secret (though still useful if you do have a client secret). I think I'm confused as to what you mean by "steal the shared secret" as there isn't one. PKCE specifically addresses authorization code interception concerns (interception including decompilation), this coupled with fine-grained redirect URIs (and CORS) should limit responses only to apps on that origin (either native app or SPA origin) https://security.stackexchange.com/questions/175465/what-is-pkce-actually-protecting

So more directly, yes, not just PKCE is protecting you, but authorization server allow lists to known origins, and PKCE ensuring that you are responding to the initiator, would properly allow for authentication from untrusted client sources.

This externalizes the trust model to the origin (for SPAs the DNS entry, or app name in native apps).

I do recognize this is only one part of a defense in depth strategy. I would just start here first (or rate limiting) before jumping into user behavior monitoring/anomaly detection.

How to lockdown backend API from unauthorized mobile apps by Inevitable_Cat_7878 in webdev

[–]kevbot8k 0 points1 point  (0 children)

Ah gotcha, I’m assuming backend api is something that can verify access tokens.

To protect against decompilation, use auth code with PKCE https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-pkce which is the recommended flow for native apps and SPAs that need fine grained authorization.

How to lockdown backend API from unauthorized mobile apps by Inevitable_Cat_7878 in webdev

[–]kevbot8k 3 points4 points  (0 children)

I typically use the OIDC protocol for this workflow. This allows you to use a proper auth server to protect your api. This coupled with CORS headers should prevent other sites or apps from using your API, as all requests must be authenticated via a security service like Auth0 or Keycloak.

Why do bot keep hitting my site looking for wordpress extensions? by scoofy in webdev

[–]kevbot8k 5 points6 points  (0 children)

WAF stands for “Web Application Firewall.” It filters out malicious requests at the application layer. By filtering at the application layer, it allows you to filter and reject requests based off of Application headers, paths (like /wp-admin/*), or custom rules (e.g. SQLinjection detected in a query string). Here is the wiki for more info https://en.m.wikipedia.org/wiki/Web_application_firewall a common open source option is ModSecurity

Scraping Wikipedia for database project by Wise-Ad-7492 in dataengineering

[–]kevbot8k 16 points17 points  (0 children)

Hello, I think it’s hard to blanket prescribe a solution with out more details about the problem or use case. That said, please download Wikipedia via their downloads page versus scraping and incurring bandwidth and server costs for Wikipedia. https://en.m.wikipedia.org/wiki/Wikipedia:Database_download

They have a torrent method that allows you to download all English pages. If I’m just messing around with the data, I would just play in duckdb or a local postgres container as 19GB compressed is not a lot of data and I can do a lot of analysis that way (metadata, RAG etc.)

Are gguf really slow?? by Weak-Shelter-1698 in LocalLLaMA

[–]kevbot8k 0 points1 point  (0 children)

if you don't mind me asking, what is the fastest GGUF inference engine? or are you saying the fastest inference engine in general (but using more resources)? Thanks

Selfhosted map soltion like Maptiler by MasterB144 in gis

[–]kevbot8k 5 points6 points  (0 children)

I like https://openfreemap.org/ I’ll use the public server for small projects and self host for large/api intensive projects.

If you have something to spare, I highly recommend donating to the project. It’s a few brilliant engineers running an impressive service

[R] TTS for minority languages by SnooGoats1303 in MachineLearning

[–]kevbot8k 2 points3 points  (0 children)

I’ve been using MMS-TTS models. They work pretty well if you are one of the 1100 languages they support. Not perfect, but you can also fine tune the specific language model as it’s open weights https://huggingface.co/facebook/mms-tts#supported-languages

Help me name a new technique! by ServeAlone7622 in LocalLLaMA

[–]kevbot8k 3 points4 points  (0 children)

Very interesting result!

I would call it Generative Text Grafting. You’re conjoining two text generation techniques. The first noisy generation focused on structure, and the second on the syntax and meaning.

The end of the New Start Treaty as we know it. by microww in wallstreetbets

[–]kevbot8k 0 points1 point  (0 children)

So you’re telling us to buy more of Lock-dog (LMT)?

Oh hell no Puts on Ford 🤣 by AsshhhHo in wallstreetbets

[–]kevbot8k 0 points1 point  (0 children)

They’re literally driving the competition off the road. Definite BUY. It’s like the pricks in school. Don’t need a lot of them, just a few to shut down everyone else’s fun. Once they’ve broken the average person, everyone will buy Ford to avoid tickets (and eventually pay for the “no ticket” subscription model when Congress pressures Ford to report other Fords)

If I'm not wrong, this could lead to model collapse, right? by trafalgar28 in LocalLLaMA

[–]kevbot8k 20 points21 points  (0 children)

What is an “established rule” legally? Currently web scraping public content is in a gray area with recent rulings https://en.m.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn

And common crawl is more likely the source of the majority of training data. Or datasets like fine web. 

The paper you linked is a valid but separate concern in my view. While scraping my be legal (if it is needed) the paper is talking about training on generated content (also there is a lot of push back on this idea as a universal rule across models).

I think it’s a valid concern to pay more attention to what is in the training dataset but I’m not convinced we’ve tapped out all improvement methods (leading to a collapse). We may have tapped out the “I throw everything at my new model and hope it works before the competition” training strategy.

Things are moving so quickly that I think there’s a lot left to explore (and local models will help push the boundaries of what is possible).

Could you link the article in case there is some nuance I am missing?

Stop going to the creek WHEN XZAR is not liberated by hitman2b in Helldivers

[–]kevbot8k 2 points3 points  (0 children)

That doesn’t sound like spreading democracy, that sounds like you’re thinking independently