• 0 Posts
  • 137 Comments
Joined 2 years ago
Cake day: July 9th, 2023
  • AA5B@lemmy.worldtoSelfhosted@lemmy.worldDo you actually audit open source projects you download?English
    1·
    1 month ago

    I’m actually planning to do an evaluation of a n ai code review tool to see what it can do. I’m actually somewhat optimistic that it could do this better than it can code

    I really want to sic it on this one junior programmer who doesn’t understand that you can’t just commit ai generated slop and expect it to work. This last code review after over 60 pieces of feedback I gave up on the rest and left it as he needs to understand when ai generated slop needs help

    Ai is usually pretty good at unit tests but it was so bad. Randomly started using a different mocking framework, it actually mocked entire classes and somehow thought that was valid to test them. Wasting tests on non-existent constructors no negative tests, tests without verifying anything. Most of all there were so many compile errors, yet he thought that was fine

  • AA5B@lemmy.worldtoSelfhosted@lemmy.worldDo you actually audit open source projects you download?English
    5·
    1 month ago

    My company only allows downloads from official sources, verified publishers, signed where we can. This is enforced by only allowing the repo server to download stuff and only from places we’ve configured. In general those go through a process to reduce the chances of problems and mitigate them quickly.

    We also feed everything through a scanner to flag known vulnerabilities, unacceptable licenses

    If it’s fully packaged installable software, we have security guys that take a look at I have no idea what they do and whether it’s an audit

    I’m actually going round in circles with this one developer. He needs an open source package and we already cache it on the repo server in several form factors, from reputable sources …… but he wants to run a random GitHub component which downloads an unsigned tar file from an untrusted source

  • AA5B@lemmy.worldtoMemes@sopuli.xyzRelevant advertising 🤪
    3·
    7 months ago

    if you do it deliberately it’s no different to any other weapon.

    Of course but at least there’s the possibility of it being an accident. Absent other proof, such as that possession of a manifesto, you can quite possibly get away with it

    On the other hand there’s no way to spin as an accident that you walked up behind someone and shot them

  • AA5B@lemmy.worldtoShowerthoughts@lemmy.worldIf "Master/Slave" terminology in computing sounds bad now, why not change it to "Dom/Sub"?
    1·
    10 months ago

    Or isn’t the other half of that …… if you have a toxic personality and wish to change that, there may be no single fix but to pay more attention to many small habits contributing to that toxicity.

    This whole conversation reminds me of the similar one many years ago, about crude jokes and pictures/calendars in the workplace. The dominant population said exactly the same things. However now we’re all more professional and work is much less toxic, not just for women, minorities, people with different preferences, but also less toxic for us white male heteros as well. We all won that one

  • AA5B@lemmy.worldtoShowerthoughts@lemmy.worldIf "Master/Slave" terminology in computing sounds bad now, why not change it to "Dom/Sub"?
    3·
    10 months ago

    people looking for something in their sphere of knowledge to be offended about so they can feel like they are part of “a movement”

    I always thought it was just people looking for something in their sphere of influence that they could do to make a difference, no matter how small.

    The computing world is known for being hostile toward most out-groups, and I’ll welcome any effort to change that, no matter how small and how silly it seems. The real change needs to be in the people but perhaps being cognizant of such details will help remind us all to be more open and welcoming