@cgtwts He's not wrong insofar as "open weights" is not enough to be considered open source.
For a fully open source model you need the data, the parameters and the training scripts to also be open. Fully e2e reproducible. https://t.co/MLNUPpDRPv
@thdxr This was plainly obvious immediately, people continually try to apply software principles to a thing that foundationally does not behave like software. It's a new class thing with new rules.
@nanasi_RPG Fascinating, I've been experimenting with Eink for human centered products but the refresh cycle is killer. I wonder if I can get a small panel shipped to the US to play with...
@thdxr I will only do a plan for larger VERY mechanical changes, like "add this feature flag and plumb it through to <place 10 levels deep in the call stack> etc" just so it doesn't get sidetracked.
But never for "hmm how should this work" type stuff
๐ฅ Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
https://t.co/9nqku4svkY
@zeeg I mean, i live in terminal, with a tui a single command in a tmux tab I'm in and out. Don't have to touch the mouse, a gui is a painful requirement to switch windows and then use a mouse
It still pains me a bit to say it but the "humans should not be reviewing code" side is definitely going to win. Even if the models never get better than today (they will).
You carefully review the design docs, and the testing plan. But not the generated code.
@charliermarsh Some more dead ringers:
1. the code block file tree of "repo structure" that is always inaccurate.
2. The ascii box diagram of a flow that makes 0 sense to have in a top level readme.
The combination "high effort" display of useless info is the strongest signal.
@IroncladDev I sign all my commits, just feels like good online hygiene to have a cryptographic identity.
Also, honestly ssh keys are easier to deal with that http