Hacker News: mattbee's comments

How is "without being able to really put it in words" a mark of experience? Surely an engineer should be able to justify why an architecture should be arranged the way it is!

It's perfectly possible to put that sort of knowledge into words, but not in a condensed "recipe" that can be explained in a meeting, that will go into a single Hacker News comment, that will cover all cases, or that will satisfy LLM users looking for the easy way out.

Pretty much every area of knowledge is full of those. That's why people publish books, that's why people go to college or get PhDs, that's why people with experience get hired.


Some things are true not because of one big cause but 10,000 tiny paper cuts. Trying to explain it all just becomes a laundry list where each problem seems solvable but really each problem is there at the same time and inter-linked in non-obvious ways. And the experienced person just comes across as a naysayer who doesn’t welcome innovation.

There are plenty of deeply skilled, experienced people (in all fields, not just ours) who struggle to explain that knowledge to others. Being a practitioner and being a teacher aren't the same skill.

You're not wrong that a rationale is required.

But the master knowing when to break the rules because of tacit knowledge without being able to explain it is a real effect


The justification could be "I've seen this movie before and it doesn't turn out well".

But there's been security fixes in most releases of rsync!

Even then, why would a security fix be some kind of strike against AI? We've all seen LLMs being used to tease out the most serious and obscure bugs in C codebases. I'd expect to see a lot of security fixes for an ancient, well-used codebase when an LLM analyses it.

Where is the slop commit here? And why is that commit evidence that tridge has lost his mind to the machine? https://github.com/RsyncProject/rsync/commits/master/


The part you're missing is that those "fixes" broke a lot of existing functionality.

Bugs are bugs and need fixing. How dense can people get.

Regressions are bad and need to not happen.

Regressions are bad and they should be avoided. Still, software engineering is a complex thing and regressions happened a long time before coding agents were a thing. Unless one can pinpoint regression to changes that were more sloppy than the human-written rsync commits were, I don't think coding agents are to blame.

Seems like it's not that coding agents are to blame, it's that the people who are ultimately responsible for committing and merging the offending code are to blame, regardless of its origin.

Or no one is to blame, if the mechanism of the regression is complex and non-obvious based just on the patch itself.

Or they are to blame because they misplaced responsibility in a tool's universality to not introduce regressions, even complex and non-obvious ones.

Or they are not to blame because they accepted the possibility of a regression when fixing 6 CVEs.

Or they are to blame because fixing 1000 CVEs doesn't magically absolve one of responsibility for regression bugs, even if one "accepts" them as a psychological salve.

If you are entitled enough then they are to blame they didn't fix everything at once, but in that case you really should be paying for their product and support. Otherwise fixing security issues has high enough priority to accept there might be downstream bugs that will be fixed in due course.

Would you hold off on fixing a security vulnerability if it caused a limited regression?

Regressions should be fixed expediently, but if you apply the criteria "need to not happen" they are literally blocking issues. They could then block security fixes.


Which part of security fixing demands thoughtless generation of code slop without regression testing though?

I worked on major OSS projects and we never just blindly pushed out untested poor quality code for security fixes since that adds WORSE security regressions.


I am discussing outcomes, not methodology.

The methodology describes the effort you may be putting into something. The outcomes are about what results you are prepared to accept.

Would you ship an update with a security fix if it had been thoroughly tested and was shown to have certain regressions but no worse security regressions? Would you refuse to fix the security issue until you could do so without any degradation?

It's clear that people can and do accept regressions for security updates. Spectre mitigations cause performance regressions. SharedArrayBuffer got taken away for a while. Being absolutist about things seldom helps.

I agree due care should be taken where possible, but I'm also prepared to accept that mistakes can happen even when people have worked diligently to find issues.

Since you have worked on major OSS projects, have any of them shipped regressions unintentionally? Right now that is the only thing we have to go on, that these things happened. The degree of care taken is an unknown, as is the degree of LLM involvement. We might know more in a week or two.

If you want to condemn something based upon what might have happened you can specifically state what you think shouldn't happen, and that will stand regardless of whether or not it applies to the current incident.

Obviously "Thoughtless generation of code slop without regression testing" is unacceptable, but that is because the conclusion is written into the statement by saying "thoughtless", "slop" and "without regression testing".

If tridge says 'I gave it thought, I don't agree that it is slop, and I did regression testing' then you have nothing further to complain about, because the incident does not fall under the criteria you specified.

It's saying 'things that are bad, are bad'. The defence is to say 'well, this isn't bad'


> ...if it had been thoroughly tested and was shown to have certain regressions but no worse security regressions?

You'd have to test to know this, and there is no evidence that tridge did this regression testing - or ask Claude to find possible regressions caused by proposed changes. If tridge did test for regressions, but chose not to document the regression, then it's still negligence, regardless of the tools or processes involved.


Are you saying that it is irresponsible to test for regressions and to not document the ones you didn't find or that you think it is reasonable to expect regression tests for every possible regression?

No, I did not say any of that.

What were you trying to say? Because what you wrote is what parent responded to.

> there is no evidence that tridge did this regression testing

What evidence would you be looking for? New tests, like the ones added in the AI-assisted commits? What other evidence?

> If tridge did test for regressions, but chose not to document the regression

Presumably you weren't trying to imply here that tridge found a regression and decided to ship the code anyway; so parent went to a natural assumption - do you think testing for regressions finds all regressions?


Parent is agreeing with you.

The risk of an "upstream cloud provider" is not something you need to tolerate in your supplier of internet infrastructure!


Sounds like a bargain. In the UK we'll be paying £0.03 per mile from April 2028.


More state discrimination against people in Scotland and rural communities...


I mean sure, it's not perfectly, 100% fair, but do you have a better plan, or just complaints? Because rural populations seem to want to have their cake and eat it too - living in a rural area to save money and have additional space, without wanting to pay for the extremely expensive roads that enable their lifestyle, or even to admit that it's infeasible for everyone to live that way

More driving both increases the likelihood of damages to vehicles or people, and makes this a usage-based fee - so while not perfect, it's the closest we can realistically get without becoming mired in PR misunderstandings or complications, technicalities, and enforcement difficulties.


Rural populations do not have "their cake". They are already charged high prices for goods and transport and punished for not living in unhealthy dense urban environments. This just boosts their cost of living even more. Some people like things like fresh air, space and feeling a connection to the area they live in.

It seems that our rulers want little more than us living in tiny microhomes in filing cabinets, staring at a screen all day for all our needs, while they get to enjoy the countryside as some kind of safari park where they can do what they want. Or at best trapped into some panopticon where you will be prevented from travelling more than a few miles/kilometres away. Most modern urban environments are soul-destroying hellscapes which is why some people don't want to live in them.


But how does the government know how much you drove?


Odometer check during annual inspection


Yep you can look up a car's MOT status publicly, including their mileage history at each inspection. I wonder if they'll send a bill from that report, or expect garages to act as tax collectors.

Though currently you don't need an MOT until a vehicle is 3 years old, so they'll have to add something there.


That seems like a more logical system? You should be paying miles x vehicle weight since that’s what tears roads.


Does it matter if the car is electric or not so much for road tearing? I'd thought the wheels and engine capabilities would matter more, but I'm not a car expert.


EVs on average are heavier than ICE vehicles, and road damage scales with weight very quickly, but that’s not to say EVs are out there tearing up all the roads. Semi-trucks, construction equipment, heavy machinery towing, etc all do way way more damage than passenger vehicles by a wide margin.


> EVs on average are heavier than ICE vehicles, and road damage scales with weight very quickly

So then tax based on weight if that's the differentiator of the damage done? I guess in combination with mileage would make most sense, and add in a scale based on net worth too to make it extra goodie.


Historically, we've taxed based on gasoline usage, which is a pretty decent proxy for both weight and distance traveled, so it ends up being a road use tax. EVs don't use gas, so we need to introduce new road use taxes specifically for them.

Where this new fee has issues is that it would charge EV owners roughly double the average amount paid by ICE owners in federal fuel tax, and wouldn't consider how much driving a given EV is actually doing.


I wonder if it makes more sense to just add a tax on tires. Tire wear for most vehicles should be proportional to actual weight [1] and mileage, modulo tire quality. So just slap a tax on each tire quality type and there is no need for a system to record the mileage and weight of every car.

[1] Commercial vehicle weight is strongly determined by the cargo load.


...except now you've incentivized everyone driving on bald tires and, unintentionally, killed a bunch of people when it rains.


Hey, at least this isn't a comment section about the states, which rate safety based on how the driver fares in a collision! Which would mean the people least likely to be hurt are the ones that are trying to cheat the tax, and the ones injured or killed are external to the vehicle.

Except of course it is: Americans externalizing costs to save a buck seems to have become endemic


If we go by the fourth power rule that is usually cited, it is kind of shocking how fast damage goes up with weight.

For example if you replaced a typical 40 ft transit bus containing 60 passengers going from point A to point B with those same 60 passengers in 60 subcompact electric SUVs, such as Hyundai Kona SELs, the 60 cars going from A to B would do about 1% of the road damage that the bus would.

This also leads to an interesting possibility. Suppose you had a large city where everyone was driving the ICE version of the Hyundai Kona SEL, and then they all switched to the electric version. The electric version is ~500 pounds heavier than the ICE version, and by the 4th power rule would cause about 70% more road damage than the ICE version.

However, gasoline use in that city would plummet, and so the number of miles driven by the gas tanker trucks that supply the gas stations would plummet too.

Those trucks are way way way heavier than cars. The reduction in road damage from those trucks driving less would in many cases outweigh the increase in damage from everyone switching to a car that weighs ~500 pounds more.


I think the idea is with ICE vehicles you can tax the gas, which is a convenient roll-up summary of the above. But EVs sidestep all that.


Fuel normally includes taxes that pay for roads.

Electricity doesn't, and it's not very fair to just add those taxes.


18 wheeler type trucks do over 80% of the damage to roads. They could pay for it all and we'd all simply share the cost in the price of goods, and collection would be vastly simpler and cheaper.

But, there wouldn't be the opportunity for asking for political favors, so don't expect anyone who likes you having to beg to champion such a process.


This is a direct replacement for the gasoline taxes which pay for our roads, so $130 for most drivers is actually a bargain in the US too.

EVs are also much harsher on roads because of their weight.


> so $130 for most drivers is actually a bargain in the US too.

I’d have to drive an EV about 35% more miles each year to make it to break even on tax versus our 35 mpg ICE car. It’s no bargain, it’s punishment for driving an EV.

> EVs are also much harsher on roads because of their weight.

My Hyundai Ioniq 5 weighs less than the most popular vehicle in the US: the F-150. I don’t see those getting special taxes.


Trucks get worse mileage so they buy more gas so they pay more gas tax. They don’t need a special tax, they already pay more.


The F-150 is not the most popular vehicle or even truck. The F-Series is, which includes all the bigger versions and fleet models.

How do you pay more taxes on EVs when you factor in gas taxes?


> How do you pay more taxes on EVs when you factor in gas taxes?

Huh? Simple math?

$MILES_PER_YEAR/$200 (EV tax in WA) vs. $GALLONS_USED * $0.18 in the ICE car. I pay more in taxes to run the EV in a year than I do for equivalent miles in a 35mpg ICE. IOW, if I drove the Scion xB all the time, I’d pay less tax.


The alternative is them checking the odometer each year on the EVs, which would be fairer, but I feel like Americans would complain that’s an invasion of their privacy or something. Or it would upset the rural voters who have disproportionate power in this country.


Modern cars are full of phone home shenanigans, many of them with cameras and ToS that allow them to observe everything and sell all of the data to anyone that can rub two cents together. IIRC laws coming into effect next year mandate even more of it. If Americans care about privacy of their cars they have a funny way of showing it. The odometer read would actually be a great privacy improvement compared to that.

I think they should just tax tires. It sounds easier to administer and if it was a national tax it would alleviate the main weakness it seemed to have: that you buy your tires in the state with the lowest tire tax.


They already check mileage when they do emissions. Not sure if the state gets the info back.


I fully support the government reading my odometer during every single emissions check of my EV ;).


What about your insurance company?


I drove 15,000 miles last year and paid 33.3 cents per gallon to my state. That’s around 833.33 gallons of gas so I paid about $278 dollars. $20 more. Assuming 18mpg.

For an EV I’d pay $258.90 extra to register.

My state must be factoring in average miles driven to come up with the $258 number instead of charging per mile driven.


The weight gap between EV and ICE is often exaggerated.

In fact, within ICE vehicles, the gap between sedans/hatchbacks/compact crossovers and giant SUVs and trucks is larger, and yet for some reason we aren’t taxing drivers of Suburbans and F-150s accordingly.

If we applied this logic fairly we should be pushing people to right-size their vehicles regardless of fuel type.


We are discussing a gas tax, and there is a strong correlation between gas consumption and weight, which implies more taxes for trucks and SUVs


That's true, but gas consumption by weight is more of a linear function, while road wear follows the fourth power law by axle weight.

See: https://en.wikipedia.org/wiki/Fourth_power_law

As an example:

A 2026 Honda Accord LX has a combined gas mileage around 32 mpg and a curb weight of 3,239 lbs.

See: https://automobiles.honda.com/accord-sedan/specs-features-tr...

A 2025 Ford F-150 XLT has a combined gas mileage around 20 mpg and a curb weight of 4,941 lbs.

See: https://www.edmunds.com/ford/f-150/2025/features-specs/

Keeping things simple and calculating the axle weight to the fourth powers of both vehicles, the F-150 causes 5.4x the road wear of the Honda Accord while using only 1.6x the gas.

The reason this doesn't matter so much, though, is that the types of trucks used for shipping goods, when loaded, cause on the order of 10^4 the road wear, dwarfing any differences between standard commuter vehicles, which is why commercial trucks have to stop at weigh stations.


The big trucks also have a lot more tires / tire surface area, to mitigate that. IIUC, the weigh stations are to ensure they aren’t overloading the truck, so that road wear is comparable instead of being that vastly greater


We absolutely are doing that at the state and local level. Vehicle registration fees vary by weight and type of vehicle most places.


Redditors claim there is no evidence the weight is relevant to the wear rate of the roads, since weights have become comparable to a similar car and generally less than the average ICE truck, but that the superior acceleration of EVs can be harsher on intersections https://www.reddit.com/r/electriccars/comments/1do2rtu/what_...


Well, that's a US-only argument.


$130 is the amount of tax that an average person would pay if they drove an ICE car that got under 19 mpg. No way is that a bargain.


Speak for your Tesla. My i3 weighs slightly less than my partner's Mini Cooper.


This is very cynical, why would you not thank the Wallet Inspector


Microsoft say it's no longer true that EV certificates get special treatment:

https://learn.microsoft.com/en-us/windows/apps/package-and-d...

The only option to avoid a SmartScreen prompt from day 1 on Windows is to distribute through Microsoft Store, end of story.

If you sign it yourself, via Azure or your own $200/year cert, you will get a SmartScreen prompt initially, but the prompt will stop appearing once the file hash has sufficient download history. There is no exact threshold, but it can take several weeks and hundreds of clean installs from a wide audience.

This is from https://learn.microsoft.com/en-us/windows/apps/package-and-d...


Er yeah same. I can believe it's a PITA to self-host because why would they care to make it easy. It's open source, good luck.

$10/year seems pretty fair to avoid all that.

The clients are fine, could be smoother, but I've internalised the quirks by now.


This OS doesn't say it's maintenance-free! But it skips a whole load of maintenance you'd need to think about with a traditional base system, because 1) there's almost nothing there, and 2) the upgrade to that base is easy, you just reboot and restart your containers.

Obviously the software you run needs upgrades, but (again, but a layer down) it's based on Docker and probably someone else is maintaining it. So you pull that new container, restart and the OS is just making sure your data lands in the same place with the new container.

If you're happy with all your software running from Docker this seems like a step up from a Debian or Redhat, and it has a lot less bureaucracy than something like CoreOS.

Whether it's _usable_ I'm not sure (especially around storage management) but it's a really clear pitch.


The internet of 20 years ago was awash with info for running dedicated servers, fragmented and badly-written in places but it was all there. I can absolutely believe LLMs would enable more people to find that knowledge more easily.


I founded a hosting company 25 years ago when User-Mode Linux was the hot new virtualisation tech. We aspired to just replicate the dedicated server experience because that was obviously how you deploy services with the most flexibility, and UML made it so cheap! Through the 2010s I (extremely wrongly) assumed that being metered on each little part of their stack was not something most developers would choose, for the sake of a little convenience.

Does a regular 20-something software engineer still know how to turn some eBay servers & routers into a platform for hosting a high-traffic web application? Because that is still a thing you can do! (I've done it last year to make a 50PiB+ data store). I'm genuinely curious how popular it is for medium-to-big projects.

And Hetzner gives you almost all of that economic upside while taking away much of the physical hassle! Why are they not kings of the hosting world, rather than turning over a modest €367M (2021).

I find it hard to believe that the knowledge to manage a bunch of dedicated servers is that arcane that people wouldn't choose it for this kind of gigantic saving.


> I find it hard to believe that the knowledge to manage a bunch of dedicated servers is that arcane that people wouldn't choose it for this kind of gigantic saving.

Managing servers is fine. Managing servers well is hard for the average person. Many hand-rolled hosting setups I've encountered include fun gems such as:

- undocumented config drift.

- one unit of availability (downtime required for offline upgrades, resizing or maintenance)

- very out of date OS/libraries (usually due to the first two issues)

- generally awful security configurations. The easiest configuration being open ports for SSH and/or database connections, which probably have passwords (if they didn't you'd immediately be pwned)

Cloud architecture might be annoying and complex for many use-cases, but if you've ever been the person who had to pick up someone else's "pet" and start making changes or just maintaining it you'll know why it can be nice to have cloud arch put some of their constraints on how infra is provisioned and be willing to pay for it.


For the record, I have seen every one of those in cloud based hosting multiple times. None of those issues require special work any more than they do in traditional hosting.


> And Hetzner gives you almost all of that economic upside while taking away much of the physical hassle! Why are they not kings of the hosting world, rather than turning over a modest €367M (2021).

Hetzner is an old-school German company, it is not surprising to see them act this way. They are very profitable (165M Euro in 2024) and have very little debt. They also seem to be mostly bootstrapped and are not VC funded.

https://www.northdata.com/Hetzner%20Online%20GmbH,%20Gunzenh...

