Welp, that happened faster than I predicted. Thought it would be end of 2027, then early 2027, but agentic traffic growing so fast that bots have now passed human traffic online for the first time in the Internet's history. https://t.co/2zX5bHdhsa
You can’t outwork the whole world. There’s always going to be someone somewhere willing to work as hard as you. Someone just as hungry. Or hungrier.
Assuming you can work harder and longer than someone else is giving yourself too much credit for your effort and not enough for theirs. Putting in 1,001 hours to someone else’s 1,000 isn’t going to tip the scale in your favor.
What’s worse is when management holds up certain people as having a great “work ethic” because they’re always around, always available, always working. That’s a terrible example of a work ethic and a great example of someone who’s overworked.
A great work ethic isn’t about working whenever you’re called upon. It’s about doing what you say you’re going to do, putting in a fair day’s work, respecting the work, respecting the customer, respecting coworkers, not wasting time, not creating unnecessary work for other people, and not being a bottleneck. Work ethic is about being a fundamentally good person that others can count on and enjoy working with.
So how do people get ahead if it’s not about outworking everyone else?
People make it because they’re talented, they’re lucky, they’re in the right place at the right time, they know how to work with other people, they know how to sell an idea, they know what moves people, they can tell a story, they know which details matter and which don’t, they can see the big and small pictures in every situation, and they know how to do something with an opportunity. And for so many other reasons.
So get the outwork myth out of your head. Stop equating work ethic with excessive work hours. Neither is going to get you ahead or help you find calm.
[The Outwork Myth — It Doesn't Have To Be Crazy At Work, 2018]
We know what probably happened.
From what we see publicly, NightmareEclipse doesn't communicate well, is emotionally immature, and appears to want to extort Microsoft.
Almost certainly, this played a part in the conflict between them and Microsoft -- it's probably as much NightmareEclipse's fault as Microsoft's.
With that said, everything Florian says is correct. It doesn't excuse Microsoft's failures. They are supposed to be the responsible one,
When there is miscommunication or dispute, it's always allowable to drop 0day, regardless whose fault it is. It's Microsoft's job to avoid that, even when they really aren't at fault for the miscommunication.
But Microsoft has convinced themselves of the opposite, that "responsible" disclosure means only the responsibilities of the vuln finder.
Vuln finders have no responsibility. Dropping 0day is responsible. Responsible companies don't have so many bugs.
We let industry subvert the disclosure process. Instead of working to secure their code, vendors have tricked people into believing in the myth of "responsible disclosure", that vendors should be given time to fix and patch their bugs so they are never to blame for the bugs to begin with.
That's why you have customers still buying Fortinet appliances even though their bugs continue to be major sources of customers getting hacked. Customers shrug their shoulders: as long as Fortinet has a vulnerability disclosure program and releases patches, they aren't responsible for when hackers keep breaking into their boxes.
This is garbage. Vendors are still responsible for preventing bugs in the first place, a responsibility that doesn't go away just because they patch.
Regardless of what happened, Microsoft's threats are a gross violation of ethics in the industry.
Half of offsec lives on platforms whose ToS prohibit half of offsec.
Rootshell, Packet Storm, https://t.co/9iIUJdS0sa, milw0rm had this figured out 20 years ago. Maybe it's time to stop pretending GitHub/Lab is neutral infrastructure.
I can share an interesting experience from last week. We have a person who is in charge of buying hardware, software and data sets. This might sound stupid but when you are buying 100s of servers, workstations and laptops a month, it's complicated. This dude used Claude to create an entire tracking and maintenance portal that inventoried everything. He even managed to integrate the portal with our monitoring software to display the status of every server VM. He then modified it to store invoices and so on. He's been at it for a couple of weeks and we've been able to identify wastage and needs.
Without Claude, this would have been a maze of spreadsheets and a lot of manual labor. But we wouldn't have hired a developer for this. To me, this kind of software is the killer use case for AI. Enough to simplify your life, but not enough to justify hiring someone or buying a product.
Is the code great? Is it scalable? Is it good software engineering? No, no and no. But that's beside the point.
I’ve been around long enough to remember when source code/binary auditing was how bugs were found. Then there was 20 years where fuzzing was best. Now source code analysis (via LLM) is the jam again.
Attacks always get better. Here's a new nginx RCE that bypasses ASLR, tested on the latest nginx 1.30 and 1.31.
This still requires a non-default config, but unlike some previous bugs, it does not depend on any additional vulnerabilities or external helpers to get to RCE.
We reported the bug on May 15. F5 has confirmed it, and hopefully a patch will land soon.
This is getting ridiculous 😅. We have enough nginx bugs to do an entire week of MAD Bugs on it. Who could have thought nginx is starting to feel like the new Linux kernel?
This is the funniest time in computer hacking. And yet the world is completely unprepared for this new reality.
I broke Kindle's DRM protection tonight through a mix of static and dynamic analysis. AES key is derived from accountSecrets, kindle device ID, and voucher path. Book is decrypted in parts using OpenSSL from Ion blobs and then decompressed with LZMA.
I get how uncomfortable it feels to disengage from the syntax, from the sequence, selection, and iteration of code, from the dopamine hit of getting a complicated function to execute properly. I get it. I've been coding for longer than most of you have been alive -- I get it.
But the bar has been raised. And if I, someone who has been coding for more than six decades, can clear that bar, you should be able to clear it too.
And fear not, I've found plenty of joy on the topside of that bar. It just takes a leap...
Sometimes it confuses me how the security field today fails to remember why things like least privilege and privilege separation were built into qmail, postfix, and SSH long ago.
Then I remember that an astonishingly small percentage of the field today were around back then.
When we first obtained this document, we deemed it too risky to publish in full. For a variety of reasons we don’t need to get into, the risk equation has changed and it’s important this memo be in the historical record.
If a lobby can buy an election, it's not a democracy, period.
And if an evil lobby can buy an election, it's far worse than any form of autocracy.
Let that sink in.
I'll tell you why so many people are upset about the "no hallucinated citations" ban on the arxiv: because they've all been copying citation lists from each other without checking them since the beginning of time.
And why did they do this? Because half of the citations in scientific papers are politics and not to the benefit of the reader. If you don't list the right papers, your paper doesn't look 'right' and reviewers will complain that you didn't cite this-and-that other unrelated work.
As far as I am concerned, these are all bullshit citations that shouldn't be in the papers in the first place. They can easily be automated by "related papers" links, that are (wait for it) provided by... AI...