DON'T JOIN META, no matter how fast the recruiters reply to your messages. No matter how cool the work sounds (the managers lie in team matching). There's a reason why the average tenure is <2 years.

It's a toxic and fear based culture. You join, the people around you are already thinking how to scapegoat you. People gatekeep actual work and save it for political favorites and everyone else on the outside is stuck cooking up bullshit projects. If you do manage to find work on your own, people will immediately start scheming to steal it

Give me the ability to choose what I trust. “You can either trust Apple and nobody else, even yourself, or you can trust literally everybody” is obviously not a good faith implementation of this. Apple excels at steering the narrative with false conflation and false dichotomy, I’d also remind you of the came-and-went secure boot debate, which Apple successfully steered into Apple owns the encryption keys vs no encryption, and people just kind of forgot to ask, wait, why can’t I have the keys to my device?

https://tsz.dev

Rust is perfect for writing all of code using LLM. It's strict type system makes is less likely to make very dumb mistakes that other languages might allow.

Also want to note that writing the code using LLM doesn't remove the need to have a vision for the design and tradeoffs you make as you build a project. So Jarred and his team are the right kind of people to be able to leverage LLMs to write huge amounts of code.

  > I work on Bun and this is my branch
  >
  > This whole thread is an overreaction. 302 comments about code that does not work. We haven’t committed to rewriting. There’s a very high chance all this code gets thrown out completely.
  >
  > I’m curious to see what a working version of this looks, what it feels like, how it performs and if/how hard it’d be to get it to pass Bun’s test suite and be maintainable. I’d like to be able to compare a viable Rust version and a Zig version side by side.

They are essentially like that one JPEG meme, where each pass of saving as JPEG slightly degrades the quality until by the end its unrecognizable.

Except with LLMs, the starting point is intent. Each pass of the LLMs degrades the intent, like in the case of a precise scientific paper, just a little bit of nuance, a little bit of precision is lost with a re-wording here and there.

LLMs are mean reversion machines, the more 'outside of their training' the context/work load they are currently dealing with, the more they will tend to gradually pull that into some homogenous abstract equilibrium

1. First, year ~2015 legal framework was created under disguise of banning pirated media(specifically torrents.ru)(legislative push). State-wide DNS ban introduced. Very easy to circumvent via quering 8.8.8.8

2. Then, having legal basis, govt included extra stuff in banned list(casinos, terrorist orgs, etc)(executive push). IP bans introduced, applied very carefully.

3. Legal expanded allowing govt to ban specific media on very vague criterias(legislative push). IP blocks tried on some large websites. DPI hardware mandated to be installed by ISPs to filter by HTTPS SNI(executive push).

4. At ~2019 Roskomnadzor(RKN) created, special govt entity which enforces bans without court orders(legislative push).

5. ~2021 sites become banned if they are not filtering content by Russian laws by request of RKN(executive push). VPN services were obligated to also DPI-filter traffic(legislative push).

6. ~2023 Crackdown on VPN started(executive push). Popular commercial services were IP-banned, OpenVPN and IPSec connections selectively degraded by DPI.

7. ~2025 Heavy VPN filtering(vless, wireguard, etc) introduced(executive push). Performance of certain sites were degraded(youtube, twitter, etc).

This simple policy then goes on to silence most individual publisher(/self-media) and consolidated the industry into the hands of the few, with no opportunity left for smaller entrepreneurs. This is arguably much worse than allowing children to watch porn online, because this will for sure effect people's whole life in a negative way.

Also, if EU really wants "VPN services to be restricted to adults only", they should just fine the children who uses it, or their parent for allowing it to happen. The same way you fine drivers for traffic violation, but not the road.

And if EU still think that's not enough, maybe they should just cut the cable, like what North Korea did.

However, it often makes conceptual errors that I can spot only because I have good knowledge of the topic I am discussing. For instance, in 3D Clifford algebras it repeatedly confuses exponential of bivectors and of pseudoscalars.

Good to know that ChatGPT 5.5 Pro can produce a publishable paper, but from what I have seen so far with Gemini, it seems to me that it is better to consider LLMs as very efficient students who can read papers and books in no time but still need a lot of mentoring.

Now of course you could just reprompt your LLM to change the HTML - but when I already have a clear idea of what I want to say in my head, that’s just another roadblock in the way.

If this pattern becomes more common I suspect human/LLM co-creation will further dwindle in favour of just delegating voice, tone and content choice to the LLM. I was surprised not to see this concern in the blog post’s FAQ.

180 million (~65%) towards ancillary project support, which includes a huge ecosystem of useful technologies around linux

Their 'corporate operations' overhead is like 5% of expenses. whoop.

Cooling in datacenters is like everything else both over and under provisioned.

It's overprovisioned in the sense that the big heat exchange units are N+1 (or in very critical and smaller load facilities 2N/3N). This is done because you need to regularly take these down for maintenance work and they have a relatively high failure rate compared to traditional DC components and require mechanical repairs that require specialized labor and long lead times. In a bigger facility its not uncommon to have cooling be N+3 or more when N becomes a bigger number because you're effectively always servicing something or have something down waiting for a blower assembly which needs to be literally made by a machinist with a lathe because that part doesn't exist anymore but that's still cheaper than replacing the whole unit.

The system are also under-provisioned in the sense that if every compute capacity in the facility suddenly went from average power draw to 100% power draw you would overload the cooling capacity, you would also commonly overload things in the electrical and other paths too. Over provisioning is just the nature of the industry.

In general neither of these things poses a real problem because compute loads don't spike to 100% of capacity and when they do spike they don't spike for terribly long and nobody builds facilities on a knife-edge of cooling or power capacity.

The problem comes when you have the intersection of multiple events.

You designed your cooling system to handle 200% of average load which is great because you have lots of headroom for maintenance/outages.

Repair guy comes on Tuesday to do work on a unit and finds a bad bearing, has to get it from the next state over so he leaves the unit off overnight to not risk damaging the whole fan assembly (which would take weeks to fabricate).

The two adjacent cooling units are now working JUST A BIT harder to compensate and one of them also had a motor which was just slightly imbalanced or a fuse which was loose and warming up a bit and now with an increased duty cycle that thing which worked fine for years goes pop.

Now you're minus two units in an N+2 facility. Not really terrible, remember you designed for 200% of average load.

That 3rd unit on the other side of the first failed unit, now under way more load, also has a fault. You're now minus 3 in a N+2 facility.

Still, not catastrophic because really you designed for 200% of average load.

The thing is, it's now 4AM, the onsite ops guy can't fix these faults and needs to call the vendor who doesn't wake up till 7AM and won't be onsite till 9.

Your load starts ramping up.

Everything up above happens daily in some datacenter in the USA. It happens in every datacenter probably once a year.

What happens next is the confluence of events which puts you in the news.

One of your bigger customers decides now is a great time to start a huge batch processing job. Some fintech wants to run a huge model before market open or some oil firm wants to do some quick analysis of a new field.

They spin up 10000 new VMs.

Normally, this is fine, you have the spare capacity.

But, remember, you planned for 200% of AVERAGE cooling capacity and this is not nodes which are busy but not terribly busy, these are nodes doing intense optimized number crunching work which means they draw max power and thus expel max waste heat.

Not only has your load in terms of aggregate number of machines spiked but their waste heat impact is also greater on average.

Boom, cascading failure, your cooling is now N-4.

Server fans start ramping up faster which consumes more power.

Your cooling is now N-5.

Alarms are blaring all over the place.

Safeties on the cooling units start to trip as they exceed their load and refrigerant pressures rise.

Your cooling is now N-6.

Your cooling is now N-7.

Your cooling is now 0.

Fairly well-known locally is that my favourite bookshop, The Open Book in Richmond, stocks signed copies of all his books. They used to be signed directly on the page, but since he got to the mid-to-late nineties in age, tons of hardbacks are too much, so Helena wanders up there to get a load of bookplates signed these days.

Apart from that, I order all my books from them when I'm in London and a subsequent chat with Madeleine usually lasts ten times as long as the book shopping.

Anyway, I digress, yes, Sir David, amazing body of works and the books are wonderful.

The catalyst is the shift towards software transparency: both the radically increased adoption of open source and source-available software, and the radically improved capabilities of reversing and decompilation tools. It has been over a decade since any ordinary off-the-shelf closed-source software was meaningfully obscured from serious adversaries.

This has been playing out in slow motion ever since BinDiff: you can't patch software without disclosing vulnerabilities. We've been operating in a state of denial about this, because there was some domain expertise involved in becoming a practitioner for whom patches were transparently vulnerability disclosures. But AIs have vaporized the pretense.

It is now the case that any time something gets merged into mainline Linux, several different organizations are feeding the diffs through LLM prompts aggressively evaluating whether they fix a vulnerability and generating exploit guidance. That will be the case for most major open source projects (nginx, OpenSSL, Postgres, &c) sooner rather than later.

The norms of coordinated disclosure are not calibrated for this environment. They really haven't been for the last decade.

I'm weirdly comfortable with this, because I think coordinated disclosure norms have always been blinkered, based on the unquestioned premise that delaying disclosure for the operational convenience of system administrators is a good thing. There are reasons to question that premise! The delay also keeps information out of the hands of system operators who have options other than applying patches.

Remote attestation doesn't use blind signatures (as that would be 'farmable') so tying the device to the 'attestee' is technically possible with collusion of Google servers: EK (static burned-in private key) -> AIK (ephemeral identity key in secure enclave signed by a Google server) -> attestation (signed by AIK). As you can see if the Google server logs EK -> AIK conversions an attestation can be trivially traced to your device's EK. This is also why we don't really see and probably never will see online services which offer fake remote attestations, as it will be pretty obvious that the next step of running such a service is getting Google as a customer and having all your devices blacklisted. Private farms probably won't last long either as I'm sure Google logs everything and will correlate.

Unless something special is done with this new reCAPTCHA not only are you locking internet services behind TPM chips but you are also surrendering anonymity to Google. Unless you acquire untraceable burners for every service, the new reCAPTCHA will be technically capable to tying all your accounts across all these services together. Much like age verification. It may appear that the service would need to cooperate to link the reCAPTCHA session to your registration but the registration time alone will likely be sufficient (the anonymity set will be all but destroyed).

Convince me I'm wrong.

Two of them have already leaked before. Both of those are missiles being viewed with an infrared camera. One of them shows a missile passing through the field of view rapidly with a motion blur streak behind it. The other shows a missile performing maneuvers and a camera artifact showing a star-like diffraction+aperture artifact around the bright IR light source.

None of these pieces of imagery look like something doing something particularly interesting. What happens is a military personnel records a video. They don't know what it is in the moment. It gets labeled "unknown" and put on a DoD file server, and then either they or someone else who stumbles across it clips out part of it and starts to spread rumors about this amazing video of a UAP they saw. There are people who work for the DoD who appear to spend a great deal of their free time scrolling around internal DoD file servers looking for anything they can portray as proof of aliens, and sometimes they leak their stories and even clips to public UFO influencers like Jeremy Corbell.

There are almost no globally competitive Polish companies. The "growth" is branch offices of German and American corporations taking advantage of engineers who'll work for 40% of Berlin rates. Remove the foreign-owned sector and you're looking at a mid-tier economy running on EU structural funds.

It's a great place to live, genuinely. But calling this "Poland's economy" is like calling a McDonald's franchise "your restaurant"

The security of UUIDv4 is based on the assumption of a high-quality entropy source. This assumption is invalidated by hardware defects, normal software bugs, and developers not understanding what "high-quality entropy" actually means and that it is required for UUIDv4 to work as advertised.

It is relatively expensive to detect when an entropy source is broken, so almost no one ever does. They find out when a collision happens, like you just did.

UUIDv4 is explicitly forbidden for a lot of high-assurance and high-reliability software systems for this reason.

It is a story of a country that made a lot of the right decisions along the way. Managed to keep consistent high growth, not a pony trick or boom/bust mode.

Poland should be a role model for many other countries.

Recommend a book: https://www.amazon.com/Europes-Growth-Champion-Insights-Econ...

And Noah's blog post: https://www.noahpinion.blog/p/the-polandmalaysia-model

* It's running a kind of Chrome on a kind of Linux, at a stretch.

* Nobody can infer when I work and when I sleep. That includes me.

* The recent, high-end display is the screen of a low-end tablet I bought in a supermarket five years ago.

* But yes, browser fingerprinting is annoying.

* Since you can detect light mode, would it kill you to honor it?

I'm terribly sorry to hear of your passing, but am pleased that you have since gotten better.

Cheers!

Oh, very rigorous engineering standards. The wheels aren't supposed to fall off for a start.

„Poland is the largest beneficiary of EU funds 2014-2020, with one in four euro going to Poland“

https://www.gov.pl/web/funds-regional-policy/poland-at-the-f...

Update: The comments below this are strange.

I ment: „Poland gets money, Poland transforms it into more money”.

Is Poland more efficient in it than other countries? I do not know. Would Poland have generated less money without it ? Probably? Is an annual investment of the 2-3%of the GDP into a country a lot? I think so?