“AI” being shorthand for “Actual Indians” once again.

The companies that don’t realize you just pretend to be migrating to LLM development while laying off workers to hire cheaper labor in other countries are gonna tank.

It’s so much more costly to run development on a massive super cluster than to just have a room of 10 developers somewhere in Bangaldesh bash out some working code in a day.

The other thing is that we’re seeing unprecedented levels of slop being pushed out to production codebases. Codebases that are gonna become the backbone of companies for decades to come. Someone will have to one day be able to understand the slop and fix it.

Looking at the API that fetched the candidate information, the researchers noticed that it contained an insecure direct object reference (IDOR) weakness, exposing an ID parameter that appeared to be the order number for the applicant. For the researchers’ application, that ID was 64,185,742.

This is super common. They are securing the thing that sends you the endpoint for the record, but not the API for getting the records themselves.

It’s kinda like saying “hey, the key to your room is in the box labeled 10” so you go to that box and grab your key. But you notice that there are boxes on the left and right of box 10, and those boxes contain the keys to other rooms.

No one ever told you that boxes 9 and 11 exist (the modicum of “security” the API provided), but all it takes to find them is knowing that you have a box and there was probably someone who got a box before you and after you.

It means they’re just incrementing the id by one for each record, you could get a little bit better using a GUID that isn’t sequential, but really you should only allow access to that record if someone has a valid credential.

In this specific situation it seems that they did have auth, but they left the testing store accessible with default admin passwords (123456) and that testing admin could then be used to access literally everything else.

If you share receipts with me I’ll ban them

Edit: found it

This is like 5 years old lol

Like, there’s some kid who’s now in kindergarten who was born the minute this tweet was posted.

I’m realizing just now that I’m old and that time is linear and unidirectional…

Nvidias New valuation: NaNeInf

This is total BS and this person has never had to live on a low wage. That $15/hr becomes $10/hr after taxes and health insurance (of which an increasingly small portion is given back to you in services), then rent takes another $7.50 off ($1200/mo) leaving you with $2.50/hr to live. That’s $400/month for gas, groceries, savings, and entertainment/shopping.

With a single basket of groceries frequently pushing $65-80 with inflation, you really only have about $100 left max for everything else.

This whole scheme is meant to force you to use consumer credit services. Ones that will compound your shortfall in interest making you a permanent debt slave to the credit agencies.

If you removed credit and reduced taxes (by actually using them to provide cheap/free services that reduce other financial burdens) you’d have a flourishing consumer spending market. However, direct wage expenditure is significantly less valuable than credit expenditure to financial institutions. They can leverage and trade consumer credit debt as an asset. They can’t trade debit spending.

This is why programmers frequently end up in the weird conservative/liberal camp. It’s the closest to ‘if you can dream it you can do it’ anyone can get while still laboring.

That’s also why these same people are obsessed with AI, because even the relatively simple labor of programming is too much for them

He has a whole book titled “Value, Price, and Profit” more of a pamphlet, but it’s still longer than anything this goober would read

It’s honestly barely an SUV by American standards, looks like a crossover

That’s always been the goal. You kneecap a public service, convince people that it sucks and needs to be privatized, then firesale the assets to a company you own

Which is why the market declares that 30% of your income for a bunk bed is fair!

They also cost you a fixed 30% of your monthly income instead of a fixed 3%!

I use Python pretty heavily and global state there is pretty rock solid thanks to the GIL, I also work primarily on single system local programs where I don’t have to worry about syncing anything over the network.

I have to use a DSL at my job that is loosely based on JavaScript and it is so loose with requiring semicolons and brackets that for some reason whenever go to edit other people’s code who aren’t exactly developers, VSCode thinks it’s ocaml…

I still like having my state clearly defined somewhere if necessary. Always declare them at the top of the main file and clearly document them if you need to use them though.

I will sometimes create a global caching object, but I typically program in Python, so having the cache allocated ahead of time isn’t a big deal.

Even so I usually put a limit on the global cache unless I know exactly how big it’s gonna be. I have a pretty large automation suite that requires tool scripts to be instantiated, and that initialization for each tool object can take up to 10 seconds. The system that runs the scripts is constantly creating and destroying the tool objects, so I had to cache them and hijack the init method to pull from a global cache or it would take up to a minute for the toolbox to load.

Since the initialized information (database connections and schema maps) is unlikely to change during a session, it was a good tradeoff.

As others said, global constants are totally fine. Especially for anything that requires authentication. I usually assign them on startup by pulling from either a config file or system environment variables.

Python also heavily relies on globals for logging, which is unavoidable if you want to use standard lib and also do logging.

Hey, they just built the perfect place to put them

It’s on a stretch of (formerly) preserved wetlands called Alligator Alley that connects the Gulf to the Atlantic Coast via a toll road.

Trump loves his puns

This is actually a good thing

That being said, the kids coming out of college are the worst. I should not be teaching you how to read a wiring diagram when you’re in charge of the project.

I really don’t think any engineering grad should touch a project until theve worked a technician or design position. It’s wild how many I’ve seen be thrown into project management roles straight out of school.

It would be one thing if they were for the most part friendly and knew how to work well with people, but geez, my experience with them is basically like babysitting your boss. So many times I’ve just had to forsee their mistakes, come up with the solution, and wait until shit hit the fan to fix the obvious problem because they’re too proud of themselves to listen.