Yesterday I one-shotted several interactive pages, that Qwen built out of straight HTML and Javascript. I handed it my API (source code, not even a swagger, via an MCP that Qwen wrote for me), asked for a frontend, and it delivered. One page at a time to keep context down, and mightve gotten lucky on the first draw but after the first one I told it to make the next ones like the first.

Can't say I've had that experience with backend languages & frameworks, incl writing that same API, but perhaps I'm off the beaten path with those, or perhaps there's greater breadth of things to do vs a narrower set of acceptance criteria? IDK.

Here I was sweating that I'd have to research and learn a current-day frontend framework. It felt like a magic wand using consumer-grade AI. HTML and plain old Javascript was plenty.

Tangent but apropos of other contemporary threads on HN, it puts a spin on supply chain threats. There's no NPM or anything, except perhaps whatever mysteries are baked into the model.

At one point one of my colleagues asked for assistance in getting an order of 500 iphones approved. As "spares".

Fortunately the corp had a policy that phone purchases needed to have a named individual declared.

I declined politely to assist.

It was common to see certain mid level execs churning through 2x - 5x the equipment of IC's (who would never get out-of-lifecycle approvals anyeay) and some quid pro quo stuff. As a fraction of their total comp it was modest ultimately, and for this reason my boss advised me to keep my mouth shut.

While poetically consistent, it enlarges the crater around these bad laws if they are passed and enforced. Basically all new manufacturing setups will need to stop and reprogram to stop and start according to fluctuating rules designed by committee, and will need to be made brittle to prevent circumvention.

It is a debacle.

The bug bounty service providers did an adequate job of filtering out junk reports. There was a survivorship bias, some of the bogus ones that got through had an uncanny ability to twist words.

It's a signal vs noise thing. Most of the grief is caused by bottom feeders shoveling anything they can squint at and call a vulnerability and asking for money. Maybe once a month someone would run a free tool and blindly send snippets of the output promising the rest in exchange for payment. Or emailing the CFO and the General Counsel after being politely reminded to come back with high quality information, and then ignored until they do.

Your report on the other hand was high quality. I read all the reports that came my way, and good ones were fast tracked for fixes. I'd fix or mitigate them immediately if I had a way to do so without stopping business, and I'd go to the CISO, CTO, and the corresponding engineering manager if it mattered enough for immediate response.

In one case I was one of exactly two people out of 500 that had used the product as a paying customer. Neither of us was in management.

After a year or two the CISO drifted over and asked me to show him how to use the product, but he was more interested in soundbytes than actually using the system.

It became a powerpoint exercise and I collected my attaboy.

And their security teams more cynical.

Sometimes they deliberately hire lower aptitude candidates to run internal security to prevent them from getting distracted by the product.

In other cases they are getting high on their own supply, more or less.

Jack Welch style management seems to take a deeper toll in this sector.

Trademarks seem like a sore spot for successful OSS but probably useful for solving this problem.

Or perhaps a license change? Might be tricky to do what the author means and still meet the definition of /open/. Maybe that's ok?

concur otherwise that openscad is parameter friendly. the lightbulb moment for me was when i finally grasped its functional grammar and leaned into it, esp recursion instead of algebraic solutions. that should probably be the subject of a tutorial or several.

this pattern could probably benefit a lot of apps

Though IPv6 has a similar situation with well defined unicast and multicast addresses.

True story, popular browsers won't let you load a webpage via various IPv6 local address literals for this reason. Hxxp://[ff02::] addresses won't work.

/ You can have your cake by "tying a knot" with yourself and port forwarding from 127.0.0.1 to the IPv6 literal. An ssh port forward will do this with aplomb. Then load hxxp://localhost:port and it works again.

// Browser logic

You can provoke loops and tangles of many sorts, some at the same protocol level and others going up and down.

My memory is fading but I vaguely recall a time when all of AOL shared something like a dozen egress addresses for certain traffic -- might have been proxies as opposed to NAT/"PAT" as we know it today. Iow, you couldn't block one without blocking 1/12 of AOL users.

Stronger memories of a time when your IP address (some were nat, some were not, varied by ISP) depended on which modem bank you dialed into, which was strongly influenced by what phone number you dialed. Which diluted the identity value of a given IP for a computer or user.

Feels like a well placed post to a model sharing site could affect the landscape.

If we can do ghost guns shouldn't hand tools follow?

There are some crazy things [1] going on in the oven world, though Miele seems to have blown the marketing. My wife and kids all furrowed their brows when I told them about the fish in the ice block. They don't understand or care about physics, they just like tasty food they know how to prepare. "Why would you cook a fish in an ice block in the first place?"

[1] https://www.mieleusa.com/m/in-dialog-with-food-miele-to-unve...

I'll concede there is some complexity in integrating with everything and putting up with the associated confusion. And granted the stakes are a little raised due to the nature of identity and access, and like you point out what could go wrong. Implementation is annoying, both writing the identity solution and then deploying and operating it. But the deployment & operation part is still there if you go with Okta or 1Login or Cognito or whomever.

The implementation is a capital type thing that is substantially solved already with the various F/OSS solutions people are mentioning - it's just a docker pull and some config work to get it going into a POC.

There are much harder problems in tech IMO, anything ill-defined for starters.

The C-level folks seem to think they are buying some kind of indemnity with these "enterprise" grade solutions, but there is no such thing. They'll even turn it around and take Okta's limitations as existential--"if even Okta doesn't get it right, there is no way we could pull it off". Out of touch, or less politely, delusional.

When I brought it up, they said they didn't have anyone smart enough to host an identity solution.

They didn't have anyone smart enough to use Okta either. I had caught multiple dealbreakers-for-me such dubious / conflicting config settings resulting in exposures, actual outages caused by forced upgrades, not to mention their lackluster responses to bona fide incidents over the years.

I use Authentik for SSO in my homelab, fwiw.

Draw straws and one person dials in from their desk or a phone closet. Take advantage of multiple locations, which are frequently if not always part of the landscape. I had a similar experience, there was a lady on the same floor who was sensitive to light, versus I had a plant that was dying, so I bought a timer and a desk lamp and set it directly under the lamp to run after hours, and we kept the lights dim during the day.

At some point the rigidity is just another type of enshittification, there to subtract. Ingrained in their culture and part of their prerogative. Denying them the privilege is an insult that earns greater retribution. Pour encourager les autres.

It would literally cost them nothing to be flexible. Solzhenitsyn level material.

Suggests a new unit of measure, the Solz, which characterizes how occult and byzantine the rules are and how vindictive and arbitrary the application. Bonus points for tail-eating and Lysenkoist aspects. Stalin era normalized to 1.

I had "exceeds" ratings the whole time at this job, btw. I am told my contributions live on 10 years later, I can't say that about most of my work experience.