I posted a job for freelance dev work and all replies were obviously ai generated. Some even included websites that were clearly made by other people as their 'prior work'. So I pulled the posting and probably won't post again.
Who knew. AI is costing jobs, not because it can do the jobs, but it has made hiring actual competent humans harder.
Plus, because it's harder to just do a job listing and get actual submittals, you're going to see more people hired because of who they know, not what they know. In other words, if you wasted your time in networking class working on networking instead of working on networking, then you're screwed.
The arts and crafts industry has the same problem. If you wasted your time in knotworking class working on not working instead of working on knotworking, then you're screwed.
if you're still looking and it's a js/ts project, I can help. I'll use a shit ton of AI, but not when talking to you. my email is on my profile. twitter account with the same username.
Oh my god. I haven't finished reading that yet, it became too much to comprehend. Too stressful to take in the scope. The part where he could have put malware into release files of 10s of thousands (or millions?) of open source tools/libraries/software. That could have been a worldwide catastrophe. And who knows what other similar vulnerabilities might still exist elsewhere.
I'm starting to think these 'Github Apps' are a bad idea. Even if CodeRabbit didn't have this vulnerability, what guarantee do we have that they will always be good actors? That their internal security measures will ensure that none of their employees may do any malicious things?
Taking care of private user data in a typical SaaS is one thing, but here you have the keys to make targeted supply chain attacks that could really wreak havoc.
Correct me if I'm wrong, but the problem here is not with GitHub Apps, instead CodeRabbit violated the principle of least privilege: ideally the private key of their app should never end up in the environment of a job for a client but rather a short lived token should be minted from it (for just a single repo (for which the job is running)) so it never gets anywhere near those areas where one of their clients has any influence over what runs.
There's also no reason why they needed to have write access to post code review comments. But for some reason they ask for it and you can't deny that part when hooking up their thing.
The bunny will often include patches in its replies that the PR author can commit. I've never been clear as to which of us is doing the committing but that could be the need for write access. (I always do it myself but I can see how some might prefer the convenience.)
They should really mass revoke that privilege because I can't see any upside to it. Unless they have a plan for some future state where they will want write access?
I agree, this seems like straight up bad design from a security perspective.
But at the same time, I, as a customer of Github, would prefer it if Github made it harder for vendors like CodeRabbit to make mistakes like this.
If you have an app with access to more than 1M repos, it would make sense for Github to require a short lived token to access a given repository and only allow the "master" private key to update the app info or whatever.
And/or maybe design mechanisms that only allow minting of these tokens for the repo whenever a certain action is run (i.e. not arbitrarily).
But at the end of the day, yes, it's impossible for Github to both allow users to grant full access to whatever app and at the same time ensure stuff like this doesn't happen.
The private key isn’t a key in the “API KEY” sense, it’s a key in the “public/private key pair” sense. It’s not sent to github and there’s no way for them to know if the signing of the token used to make the call happened in a secure manner or not, because github doesn’t receive the key as part of the request at all.
GH Apps already use short-lived tokens that can be scoped per repo. You mint a token using your private key and exchange it for a token via API. Then you use that token and dispose of it. That's the only way to use GH Apps (User Access Tokens are the same thing, but require user interaction). Those tokens always expire.
I'd rather GitHub finally fix their registry to allow these GH Apps to push/pull with that instead of PAT.
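As an added example (not code from CodeRabbit or from anyone in this thread) of the flow the comments above describe: the App JWT is built with the private key held only behind a `sign` callable, and the installation token is then requested for just the job's repository with only the permission review comments need. The App id, installation id, repo name and the `cryptography`-based signer are assumptions.

```python
import base64
import json
import time
from typing import Callable, Optional

MAX_JWT_LIFETIME = 600  # GitHub rejects App JWTs valid for more than 10 minutes
CLOCK_SKEW = 60         # backdate iat slightly so a fast clock does not get the JWT rejected


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _compact(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def app_jwt(app_id: str, sign: Callable[[bytes], bytes], now: Optional[int] = None) -> str:
    """Build the RS256 JWT an App uses to authenticate as itself. `sign` is the only
    code that touches the private key, so it can live in a separate signing service;
    the per-customer job only ever sees the JWT and, later, the installation token."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iat": now - CLOCK_SKEW, "exp": now - CLOCK_SKEW + MAX_JWT_LIFETIME, "iss": app_id}
    signing_input = f"{_compact(header)}.{_compact(claims)}"
    return f"{signing_input}.{b64url(sign(signing_input.encode('ascii')))}"


def rs256_signer(pem: bytes) -> Callable[[bytes], bytes]:
    """Real signer over the App's PEM private key (assumed `cryptography` package, imported lazily)."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(pem, password=None)
    return lambda data: key.sign(data, padding.PKCS1v15(), hashes.SHA256())


def jwt_claims(token: str) -> dict:
    """Decode the (unverified) claims segment, e.g. to log what was minted."""
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def installation_token_request(installation_id: int, job_repo: str, commits_patches: bool = False) -> dict:
    """Body for POST /app/installations/{id}/access_tokens, narrowed to the job's one repo.
    Posting review comments needs only pull_requests:write; contents:write is added only
    when the bot itself commits the patches it proposes."""
    permissions = {"pull_requests": "write"}
    if commits_patches:
        permissions["contents"] = "write"
    return {"url": f"https://api.github.com/app/installations/{installation_id}/access_tokens",
            "body": {"repositories": [job_repo.split("/", 1)[1]], "permissions": permissions}}


def is_least_privilege(request: dict, job_repo: str, commits_patches: bool = False) -> bool:
    """Policy gate a minting service applies before signing: exactly the job's repo, no extra scopes."""
    body = request["body"]
    allowed = {"pull_requests"} | ({"contents"} if commits_patches else set())
    return body["repositories"] == [job_repo.split("/", 1)[1]] and set(body["permissions"]) <= allowed
```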
there isn't anything quite like it still. There's something about it being 2.75D that makes it approachable even though it's 3-D, and the attention to the art was a big deal, too.
Reading things like this, stories in this thread, and about how people are avoiding seeing the doctor because they're afraid of the bills ... makes me realize in some ways Thai people actually have a higher quality of life than many in the US in this respect.
Costs are order of magnitude(s) lower. A night in the hospital is typically 5,000-10,000 baht or $166-$333. And the quality of care is at a good standard ... so much so that Thailand has become a Medical Tourism destination:
Thailand is a relatively poor country, but we are still able to do this. In the US, I guess some people would rather die than admit needing help from the government ... or trying to clamp down on healthcare costs cause it would be too much 'regulation'?
Well, one reason people don't become medical tourists are concerns about quality. Americans in particular are still convinced, despite ample evidence to the contrary, that our medical system is the highest quality in the world - and that this justifies the costs.
I believe this is false. Healthcare quality is basically the same in all first-world countries, the only difference is cost structure. (My wife had a c-section in Germany and our total cost was about 100 euros for an optional private room.)
> Healthcare quality is basically the same in all first-world countries
While this statement is correct, my understanding is that there are still small quality differences, and the US is in fact the world leader in quality. Thinking about it, this also makes sense: if you are willing to pay extreme amounts to doctors, you should also see at least some improvements in quality.
But we are talking something like <1% better quality for +100% the cost, so this is clearly not worth it. But if I was a billionaire with a difficult disease, I would definitely at least consider going to the US for treatment.
No, it does properly support both of those and I've been happily using those features in VS Code for a while now. It might actually be the best editor for JSX.
You can remap this functionality, but this particular key combo doesn't seem to work.
By default it was on ctrl+3/4, and I don't think it's a wise choice, as ctrl+number is good for either selecting the first 10 tabs (Chrome, FF) or for opening a speed dial entry (Opera <= 12). I would actually like both of these functions, perhaps on alt+number and ctrl+number.
I prefer CTRL+TAB and CTRL+shift+TAB because they can be used with one hand moving the hand only slightly from its natural resting position. It also remains essentially identical on almost any keyboard. Neither of these are true for CTRL+PGUP and CTRL+PGDN.
Ctrl-Tab/Ctrl-Shift-Tab (along with other tab management keys like Ctrl-T and Ctrl-W) are nice because you can hit them using only the left hand, with the right hand remaining on the mouse.
With all this writing about the 'quantum problem' and quantum mechanics not making sense, I don't understand why quantum theorists don't take pilot wave theory and the oil droplet experiments more seriously.
It's because the problems mentioned in the article are primarily philosophical in nature and not things most physicists, even quantum physicists, spend actual time researching. For example, anything related to the many-worlds interpretation or, more generally, the measurement problem would make for a terrible thesis topic; it also probably wouldn't get any funding (pilot wave theory in particular is explicitly excluded from receiving funding from the NSF, see http://www.mth.kcl.ac.uk/~streater/lostcauses.html). So the only people working on such things are professors well into their tenure, and even they will more likely write about such topics during the family summer vacation.
My thesis advisor does get NSF funding and he does Bohmian mechanics. I have a very talented colleague doing this as well and he ended up with tenure recently. But it is a very hard road.
I did a thesis on it which I am quite proud of. But I also left academia proper, though more due to my disgust with various aspects of the system unrelated to the discrimination associated with Bohmian mechanics.
To be fair to your point, the successful ones pursuing this either hide out in mathematics departments or keep their mouth shut until well-established.
I can't speak for other quantum theorists, but pilot wave theory does nothing to make multi-particle entanglement less mysterious. It provides a nice story for wave-particle duality, but for a long time it has been apparent that this is not the central mystery of quantum mechanics.
It does focus the discussion clearly on the wave function as defined on configuration space, bringing to the front the importance of position.
But mostly the reason is that if you are going to develop a better theory (namely how relativity and qm work together), then it may be helpful to start on a clear foundation where irrelevant confusions have been eliminated.
For example, the role of operators is derived in pilot wave theory, not assumed. This greatly simplifies the issues of putting quantum mechanics on curved space where the Fourier transform may not be so easily defined, if at all. You do have to worry about the Hamiltonian and its boundary conditions, which is part of the physics of the space, but the relevant measurement operators are derivable from the ported theory.
I believe the Aeon article is referring to pilot wave theory when it talks about de Broglie-Bohm, although it does so with almost no explanation, even though it's one of the main threads of the article.
I think the idea of pilot wave theory is really interesting, and that a variant of it could turn out to be more fundamental than our current understanding of quantum physics.
I don't understand why quantum theorists don't take pilot wave theory and the oil droplet experiments more seriously.
This goes back to Einstein, whose main beef with QM actually wasn't indeterminism. Instead, determinism was supposed to be a means to restore locality. Bell's theorem tells us this is doomed to fail, and indeed Bohmian mechanics restores determinism only at the cost of locality.
Even though experiments with walking droplets are an impressive demonstration that wave-particle duality isn't necessarily something mysterious, they don't help to address the issues at the heart of QM.
Computers overriding human instructions have also caused crashes.
http://en.wikipedia.org/wiki/Scandinavian_Airlines_Flight_75... -- engines ingested ice and started surging. Pilots commanded reduced power, but the Automatic Thrust Restoration system no one told them was there countered that move, leading to a double engine failure and a crash landing.