tedmiston
Joined 6,822 karma
Taylor D. Edmiston, Principal Software Engineer / Backend / DevOps / etc

I'm in the top 3% on Stack Overflow (all-time) [1] having helped over 8 million [2] software developers.

- web: https://taylore.dev

- email: tedmiston+hn@gmail.com

- stack overflow: https://stackoverflow.com/users/149428/taylor-edmiston

[ my public key: https://keybase.io/tedmiston; my proof: https://keybase.io/tedmiston/sigs/Q1_u0JHA3IxrPnlGfmtvPIzqSu2kR05Gsys9NZXWUks ]

All comments copyright © Taylor D. Edmiston, all rights reserved.

[1]: https://stackexchange.com/leagues/1/alltime/stackoverflow/2008-07-31/149428?sort=reputationchange#149428

[2]: https://stackoverflow.com/users/149428/taylor-edmiston?tab=topactivity


  1. it's also very easy to rewrite commit history in a few seconds.
  2. each deployment is a separate "atomic change". so if a one-file commit downstream affects 2 databases, 3 websites and 4 APIs (made-up numbers), then that is actually 9 different independent atomic changes.
  3. Art imitates life imitates ...
  4. CCPA/CPRA provide opt out of data sharing for (ad) sales to third-party companies, but those were passed before the gAI boom. I imagine an analogue is already in motion for AI training opt-out in CA, but those two don't address model training.

    But ~782 million ChatGPT users vs a few million pairs of glasses.

  5. They are essentially choosing the philosophy of optimizing for speed in every dimension.

    The tools selected are faster than their more mainstream counterparts — but since it's a static site anyway, the pre-build side of the toolchain is more about "nice dev ux" and the post-build is more about "really fast to load and read".

  6.     Location: Cincinnati, OH (Remote U.S.)
        Remote: Yes
        Willing to relocate: No
        Technologies: Generalist SWE but lately Backend, Data Engineering & DevOps.  Python, web apps & APIs (FastAPI / Starlette, Flask, Django / DRF, etc), workflows (Airflow) & automation, Platform Engineering & Cloud Engineering, AWS, GCP, Docker, Bash, Terraform, containers, infrastructure, CI/CD (especially GitHub Actions), architecture (software architecture, cloud architecture, data architecture).
        Résumé/CV: https://www.linkedin.com/in/tedmiston/
        Email: tedmiston+hn@gmail.com
    
    Summary:

    - I'm a principal software engineer (generalist recently focused on backend + DevOps) with 10+ YoE in software engineering roles professionally and experience from frontend to backend to shells, sysadmin, cloud, platform engineering, DevOps, CI/CD, security, etc etc

    - I'm reentering the tech world after a sabbatical gap year and excited to find something that's a great fit

    - I'm in the top 3% all-time on Stack Overflow having helped over 8 million software developers [1]

    Please mention HN in the note if adding me on LinkedIn.

    [1]: https://stackoverflow.com/users/149428/taylor-d-edmiston

  7.     Location: Cincinnati, OH (Remote U.S.)
        Remote: Yes
        Willing to relocate: No
        Technologies: Generalist SWE but lately Backend, Data Engineering & DevOps.  Python, web apps & APIs (FastAPI / Starlette, Flask, Django / DRF, etc), workflows (Airflow) & automation, Platform Engineering & Cloud Engineering, AWS, GCP, Docker, Bash, Terraform, containers, infrastructure, CI/CD (especially GitHub Actions), architecture (software architecture, cloud architecture, data architecture).
        Résumé/CV: https://www.linkedin.com/in/tedmiston/
        Email: tedmiston+hn@gmail.com
    
    Summary:

    - I'm a principal software engineer (generalist recently focused on backend + DevOps) with 10+ YoE in software engineering roles professionally and experience from frontend to backend to shells, sysadmin, cloud, platform engineering, DevOps, CI/CD, security, etc etc

    - I'm reentering the tech world after a gap year and excited to find something that's a great fit

    - I'm in the top 3% all-time on Stack Overflow having helped over 8 million software developers [1]

    If adding me on LinkedIn, please mention "HN" in the note or message, so I see it!

    [1]: https://stackoverflow.com/users/149428/taylor-d-edmiston

  8. Mostly that FF has ~36k extensions (January 2024) [1] and Chrome has ~112k (June 2024) [2].

    [No doubt, total count of extensions isn't the most important number and there's a long tail in both counts of very small user bases, but this paints the ~3x picture in a broad stroke.]

    Of course, since FF migrated to WebExtensions in 2017, theoretically most Chrome extensions can be ported to FF with minimal changes [3] — practically speaking though, not all of the big ones actually have, or the FF equivalents to some of the most useful Chrome extensions are far less polished.

    And also, if you're developing front end web apps for normal end users, most are still on Chrome... over the years, I've experienced an unfortunate number of sites that should work across Chrome/FF/Safari actually break because of things like the developers not even testing in browsers besides Chrome given its dominance. I'm not encouraging that by any means, but the reality is that it still happens.

    [1]: https://en.wikipedia.org/wiki/Add-on_(Mozilla)

    [2]: https://github.com/DebugBear/chrome-extension-list

    [3]: https://extensionworkshop.com/documentation/develop/porting-...

  9. Yeah, this is a much more accurate title than Security Clearances at the Speed of Startups.

    I think you need to email dang <hn@ycombinator.com> to see if he'll agree to update.

  10. > Nope, me too. The whole Repo network thing is not User facing at all.

    There are some user-facing parts: You can find the fork network and some related bits under repo insights. (The UX is not great.)

    https://github.com/apache/airflow/forks?include=active&page=...

  11. Apple Intelligence is the name of that "AI App Store" platform [1].

    Many comments in this thread are conflating Apple's own models and the name "Apple Intelligence" when the latter is the overarching platform.

    [1]: https://en.wikipedia.org/wiki/Apple_Intelligence

  12. At the bottom of the article, they allude to a future "AI App Store":

    > Eventually, Apple aims to make money from AI by striking revenue-sharing agreements whereby it gets a cut from AI partners that monetize results in chatbots on Apple platforms, according to the people. The company believes that AI could chip away at the billions of dollars it gets from its Google search deal because users will favor chatbots and other tools over search engines. Apple will need to craft new arrangements that make up for the shortfall.

  13. Per Apple's site [1], it's just the language setting:

    "* Apple Intelligence will be available in beta on iPhone 15 Pro, iPhone 15 Pro Max, and iPad and Mac with M1 and later, with Siri and device language set to U.S. English, as part of iOS 18, iPadOS 18, and macOS Sequoia this fall."

    [1]: https://www.apple.com/apple-intelligence/

  14. It would be cool if someone made a similar minimal open source desktop UI that could run on the data export from Google Takeout [or whatever the future export mechanism turns out to be].
  15.     Location: Cincinnati, OH (Remote U.S.)
        Remote: Yes
        Willing to relocate: No
        Technologies: Generalist SWE but lately Backend, Data Engineering & DevOps.  Python, web apps & APIs (FastAPI / Starlette, Flask, Django / DRF, etc), workflows (Airflow) & automation, Platform Engineering & Cloud Engineering, AWS, GCP, Docker, Bash, Terraform, containers, infrastructure, CI/CD (especially GitHub Actions), architecture (software architecture, cloud architecture, data architecture).
        Résumé/CV: https://www.linkedin.com/in/tedmiston/
        Email: tedmiston+hn@gmail.com
    
    Summary:

    - I'm a staff+ generalist software engineer (most recently principal and focused on backend and DevOps) with ~10 YoE in software engineering roles professionally (~20 years since I started programming) with experience from frontend to backend to shells, sysadmin, cloud, platform engineering, DevOps, CI/CD, security, etc etc etc

    - I'm reentering the tech world off of a gap year and excited to find something new that's a great fit and technically interesting

    - I'm in the top 3% all-time on Stack Overflow having helped over 8 million software developers [1]

    If adding me on LinkedIn, please mention "HN" in the note or message, so I see it!

    [1]: https://stackoverflow.com/users/149428/taylor-d-edmiston

  16. Something like ArchiveBox or SingleFile are in the same ballpark of tools, but SingleFile at least seems to eschew Safari Webarchive as a format. ArchiveBox may support Safari webarchives, but for some reason they omit it in their docs.

    https://github.com/gildas-lormeau/SingleFile?tab=readme-ov-f...

    https://archivebox.io/#output-formats

  17. I initially glossed over this believing it may be something trivial, but it really is a deeper XSS concern.

    It feels weird to me to dismiss as wontfix a security issue that gives the archived page far greater access to browser data than it has loaded at its original URL.

    > Last updated at Tue, 16 Jan 2024 16:26:37 GMT

    > tldr: For now, don't open .webarchive files, and check the Metasploit module, Apple Safari .webarchive File Format UXSS

    > Safari's webarchive format saves all the resources in a web page - images, scripts, stylesheets - into a single file. A flaw exists in the security model behind webarchives that allows us to execute script in the context of any domain (a Universal Cross-site Scripting bug). In order to exploit this vulnerability, an attacker must somehow deliver the webarchive file to the victim and have the victim manually open it ^1 (e.g. through email or a forced download), after ignoring a potential "this content was downloaded from a webpage" warning message ^2.

    Just look at the number of (relatively trivial) attack vectors identified by the author in this post:

    > Attack Vector #1: Steal the user's cookies.

    > Attack Vector #2: Steal CSRF tokens.

    > Attack Vector #3: Steal local files.

    > Attack Vector #4: Steal saved form passwords.

    > Attack Vector #5: Store poisoned javascript in the user's cache.

    https://www.rapid7.com/blog/post/2013/04/25/abusing-safaris-...

  18. > Internet Archive/ArchiveTeam also worked on that particular problem for a very long time, and are mostly successful as far as I can tell.

    One category that the archivers do poorly with is news articles where a pop-up renders on page load which then requires client-side JS execution to dismiss the pop-up.

    Sometimes it is easily circumvented by manual DOM manipulation, but that's hardly a bulletproof solution. And it feels automatable.

  19. > Running it over my bookmarks

    > Once I’d written the initial version of this script and put all the pieces together, I used it to create webarchives for 6000 or so bookmarks in my Pinboard account. It worked pretty well, and captured 85% of my bookmarks – the remaining 15% are broken due to link rot. I did a spot check of a few dozen archives that did get saved, and they all look good.

    I was a tad confused by this part.

    Did you (or how did you) verify that the headlessly saved web archives for thousands of bookmarks visually match the pages shown in the browser?

    This is the biggest problem I've had with command-line archival tools: they save some version of the page, but it often differs substantially from what I actually see in my browser — things like pop-up artifacts covering the page or news articles full of ads that are otherwise blocked in my headed browser.

    The SingleFile extension for Chrome works more completely and accurately than anything else I've come across so far, but it does still break weirdly sometimes too.

    I would love to find a programmatic way to automate the visual verification, e.g., archiving a page with multiple different tools and visually diffing the rendered pages across tools with small margins of error. Maybe someone else has worked on this already.

  20. I tested this just now on the blog post that this HN page points to and SingleFile handled the background image fine.
  21. It was also curious that BRK.A was affected, yet BRK.B was not.
  22. The brokers will presumably reverse them as erroneous trades. ("No such thing as a free lunch")

    https://www.investopedia.com/terms/e/erroneous-trade.asp

    Update:

    > In addition to the volatility halts, trades in Class A shares of Berkshire Hathaway Inc. appeared to go off at mistaken prices. About a dozen trades showed shares changed hands at $185.10 around 9:50 a.m., a discount of 99.97% to Friday’s closing price of $627,400. NuScale Power Corp. had a similar glitch, with trades that printed at about 99% below the prior price.

    > “It’s very confusing that it’s happening in just a few shares,” said Jonathan Corpina, senior managing partner at Meridian Equity Partners, who typically works on the floor of the NYSE. “I would assume that those bad trades will be broken.”

    https://finance.yahoo.com/news/volatility-halts-hit-numerous...

  23. If you try to use serverless (the framework) for Python, you very quickly learn that its support is a second-class citizen vs building in TS/JS.

    Adjacent concern but: It also makes for unholy large Docker images to combine an entire JS toolchain with an entire Python toolchain.

    Zappa is a better (more native) choice.

    Terraform modules provide a decent Python Lambda experience.

    AWS also has multiple semi-overlapping projects in the space. Chalice, SAM, and Powertools specifically to name a few. CDK more generally as well.

  24. Not a huge surprise. It filled a weird niche, which was very easy to use for basic use cases, but Chalice only supported a small subset of Lambda features and didn't get much attention from AWS either.

    As soon as you tried to do slightly more than was possible with it, it became unviable to manage all of the Lambdas and you end up having to use Terraform or similar anyway. If I were doing lots of new Lambdas today, I'd probably just use a third-party Terraform module for all of it.

  25. > At my friend's coffee shop they make cold brew with an elaborate laboratory glassware setup that drips ice-water through a filter. Looks pretty neat and sciencey.

    Likely the Yama cold brew tower [1].

    [1]: https://prima-coffee.com/equipment/yama/yamcdm25sbk-yama-pp

  26. Similar experience here, like: What about when your editor is set to auto save when unfocusing a tab or window and saves while you were mid-edit on your dotfiles and now every new shell is crashing? etc etc
  27. I'm sorry, but running `rm -rf ...` in a script against $HOME is a bit too reckless for me.

    Maybe you haven't lost data from this yet, but this is where Chezmoi has nice guardrails and protects against, e.g., modifications or additions accidentally being made to $HOME instead of the dotfiles dir, which look like they would be silently blown out by your current process.

    Just my 2¢ from someone who used to do it this way and lost data because of it.

This user hasn’t submitted anything.
