On a positive side, you won't have to do 100% of SOC 2 Type 2. The only required part is security if I remember correctly. And a lot of it is best practices that need to be in place anyway. If you are using an established cloud provider a lot of it is in place through their certifications. Some of the controls can be "silly", but generally not hard to put in place. I'd try to figure out what are the minimum nr of controls required and see if that is doable. Pretty sure auditors will give a discount there if the scope is smaller.

It can be somewhat useful for the company if taken seriously, as it can point out weaknesses in processes. Although I agree with other comments that most of it is a checkbox exercise than something that provides any real guarantees to the client demanding it.

I also don't know if getting through it with <20k $ is something that is feasible. Before doing SOC 2 we relied on the clients' security questionnaires instead, so maybe something to always ask about. Usually they were able to make an exception and allow it, although the % started shrinking over time.

Edit: Also, the auditor makes a difference. Pick one that understands small companies. A corporation auditor will get confused with "segregation of duties" if you are the only person in the company.

Since I also barely spoke English at the time, I got stuck in the game itself pretty soon anyway. Didn't manage to figure out how to say some things the right way. "Ken sent me" is the last thing I remember from it... and I never had any idea that the game was rather dirty until much later.

Then I think of the companies (not necessarily software) that have had long term success and their products have been quite high quality at least at some point in time. The count of genAI instances someone can keep in flight is certainly a weird metric that I think will hurt the companies who choose to ignore quality.

Unfortunately it's a long process as it's possible to get very far with great marketing and sales with a poor quality product too. Then cash out before customers figure out that there's something else that is better. I have no idea if this pattern will ever self-correct.

Off topic: I followed your guides for network programming years ago getting my tiny C server/client setup working. Thank you so much for writing them!

The way I see it, if they didn't even realize that they are doing something they shouldn't, they wouldn't have even known they need accreditation, even if that was required. Unless we restricted access to gazillions of tools without it of course.

I think it'll work itself out over time as what AI is/isn't and what data privacy means is discussed more. I'd leave accreditation entirely out of it, because we cannot even agree on what are the actual best practices or if they matter.

From my own little box I think that that if lab grown meat was available and affordable, I would never eat a bit of real chicken, pork or beef again. I know veganism is an option too, but... I grew up with meat and it's very difficult to give up.

The main question that is not obvious, is what should I use it for?

The only problem is that larp as ai comes back with "no work yet. check back later :(" a lot, but if you run out of credits, that's it. So... Did everyone run out of credits? I feel like there's something up with it.

From what it looks like, they want their streams to be compatible with AsyncIterator so it'd fit into existing ecosystem of iterators.

And I believe the Uint8Array is there for matching OS streams as they tend to move batches of bytes without having knowledge about the data inside. It's probably not intended as an entirely new concept of a stream, but something that C/C++ or other language that can provide functionality for JS, can do underneath.

For example my personal pet project of a graph database written in C has observers/observables that are similar to the AsyncIterator streams (except one observable can be listened to by more than one observer) moving about batches of Uint8Array (or rather uint8_t* buffer with capacity/count), because it's one of the fastest and easiest thing to do in C.

It'd be a lot more work to use anything other than uint8_t* batches for streaming data. What I mean by that, is that any other protocol that is aware of the type information would be built on top of the streams, rather than being part of the stream protocol itself for this reason.

For now maybe all forums should require some bloody swearing in each comment to at least prove you've got some damn human borne annoyance in you? It might even work against the big players for a little bit, because they have an incentive to have their LLMs not swearing. The monetary reward is after all in sounding professional.

Easy enough for any groups to overcome of course, but at least it'd be amusing for a while. Just watching the swear-farms getting set up in lower paid countries, mistakes being made by the large companies when using the "swearing enabled" models and all that.

Of course text is so universal and allows for so many ways of editing that it's hard to give up. On the other hand, while text is great for input, it comes with overhead and core issues for (most are already in the article, but I'm writing them down anyway):

  1. Substitutions such as renaming a symbol where ensuring the correctness of the operation pretty much requires having parsed the text to a graph representation first, or letting go of the guarantee of correctness in the first place and performing plain text search/replace.
  2. Alternative representations requiring full and correct re-parsing such as:
  - overview of flow across functions
  - viewing graph based data structures, of which there tend to be many in a larger application
  - imports graph and so on...
  3. Querying structurally equivalent patterns when they have multiple equivalent textual representations and search in general being somewhat limited.
  4. Merging changes and diffs have fewer guarantees than compared to when merging graphs or trees.
  5. Correctness checks, such as cyclic imports, ensuring the validity of the program itself are all build-time unless the IDE has effectively a duplicate program graph being continuously parsed from the changes that is not equivalent to the eventual execution model.
  6. Execution and build speed is also a permanent overhead as applications grow when using text as the source. Yes, parsing methods are quite fast these days and the hardware is far better, but having a correct program graph is always faster than parsing, creating & verifying a new one.

Or what if it was like "staging" step? Eg, write a separate function that gets parsed into program model immediately, then try executing it and then merge to main program graph later that can perform all necessary checks to ensure the main program graph remains valid? I think it'd be more difficult to learn, but I think having these operations and a program graph as a database, would give so much when it comes to editing, verifying and maintaining more complex programs.