https://hokstadconsulting.com
Engineering management/leadership; devops; software development, architecture; Ruby, C, JavaScript, C++, PHP, Java, Go, Python (roughly in descending order of commercial experience)
E-mail: vidar@hokstad.com (job opportunities, contracts, and questions about my comments or projects are all good, but please be to the point and I can be slow to reply to unsolicited e-mail)
Mastodon: @vidar@galaxybound.com / https://m.galaxybound.com/@vidar
LinkedIn: https://www.linkedin.com/in/vhokstad/
Personal site: http://www.hokstad.com and http://www.hokstad.com/blog
My (not regularly updated) Ruby compiler project: http://www.hokstad.com/compiler
Github: https://github.com/vidarh
One of my favourite recent projects is this ~500 line TrueType font renderer in Ruby: https://github.com/vidarh/skrift
Site for my science fiction book series: https://galaxybound.com
- vidarhThe issue with that in terms of the simulation argument, is that the simulation argument doesn't require a complete simulation in either space or time.
- It's an article that tries to be literature rather than just the information it conveys, and some people don't like that whether it is successful or not.
- Think of it as a "you should - and is allowed to - spend more time on this" command, because that is pretty much what it is. The model only gets so much "thinking time" to produce the initial output. By asking it to iterate you're giving it more time to think and iterate.
- It increasingly is. E.g. if you use Claude Code, you'll notice it "likes" to produce todo lists that rendered specially via the TodoWrite tool that's built in.
But it's also a balance of avoiding being over-prescriptive in tools that needs to support very different workflows, and it's easy to add more specific checks via plugins.
We're bound to see more packaged up workflows over time, but the tooling here is still in very early stages.
- I'm Norwegian, and the Norwegian stereotype of Finnish people used to be that they are dour and introvert. And we're by and large culturally a lot less outwardly cheerful to people we don't know than the Danes.
Sometimes Norwegian TV would show Finnish dramas while I was growing up in the '80s, and the standing joke was that the typical Finnish drama had two guys hiking through the forest, one of them saying something, and then half an hour more of hiking before the other would reply. I don't remember whether that was accurate (it's not as if I'd have kept watching), but I suspect not.
- Really, this. You still need to check its work, but it is also pretty good at checking its work if told to look at specific things.
Make it stop. Tell it to review whether the code is cohesive. Tell it to review it for security issues. Tell it to review it for common problems you've seen in just your codebase.
Tell it to write a todo list for everything it finds, and tell it fix it.
And only review the code once it's worked through a checklist of its own reviews.
We wouldn't waste time reviewing a first draft from another developer if they hadn't bothered looking over it and test it properly, so why would we do that for an AI agent that is far cheaper.
- Same here. I've picked up projects that have languished for years because the boring tasks no longer make me put them aside.
- > None of the issues go away just because it's in chat?
There is a wast difference in risk between me clicking a button provided by Claude in my Claude chat, on the basis of conversations I have had with Claude, and clicking a random button on a random website. Both can contain a malicious. One is substantially higher risk. Separately, linking a UI constructed this way up to an agent and let third parties interact with it, is much riskier to you than to them.
> If the interactive diagram or UI you click on now owns you, it doesn't matter if it was inside the chat window or outside the chat window.
In that scenario, the UI elements are irrelevant barring a buggy implementation (yes, I've read the rest, see below), as you can achieve the same things as you can do that way with just presenting the user with a basic link and telling them to press it.
> as transported/renderered/etc by NxM combinations of implementations (there are 4 renderers and a bunch of transports right now), is not going to have security issues, i've got a bridge to sell you.
I very much doubt we'll see many implementations that won't just use a web view for this, and I very much doubt these issues will even fall in the top 10 security issues people will run into with AI tooling. Sure, there will be bugs. You can use this argument against anything that requires changes to client software.
But if you're concerned about the security of clients, mcp and hooks is a far bigger rats nest of things that are inherently risky due to the way they are designed.
- If done in chat, it's just an alternative to talking to you freeform. Consider Claude Code's multiple-choice questions, which you can trigger by asking it to invoke the right tool, for example.
- We can't even tell for certain the we have existence in time beyond just this moment - our only source of that is a memory of time passing, which we can't validate.
- I very specifically do not want to run it in an IDE. I'm perfectly happy with it in the terminal, running diffs separately, and very specifically NOT as it is working.
- This is hysterical. What actions is it you imagine the UK government would have taken to disadvantage me in secret because of what I've said about them that have been so inconsequential that I haven't noticed them?
- > Common to get a 10 year US visa. Schengen visa? For the duration of your visit
Both of these are possible. Neither are nearly that simple.
For starters the validity period depends on the country, and the type of visa, and since you mentioned Africa, applicants from the vast majority of African states are limited to single entry visas with 3 months validity for B-visas. A few can get 4-5 years, and a handful (I think Morocco, Botswana, South Africa) can get 10 years.
Given that, it's rather odd that you used specifically African countries as the basis for comparison and then pulled out 10 year duration.
On the other side, it is reasonably uncommon to be limited to just the stay for Schengen visas, though it can certainly happen, especially for applicants from poorer countries. And validity can be up to 5 years. But you certainly can
> The EU also charges pretty hefty fees for a Schengen visa, which I view as a racket and/or xenophobia.
The standard cost for a Schengen visa is 90 euros or 105 USD. If you've paid more that has been service fees to application centres, not the EU fees.
The application fee for a US B-visa is 185 USD, in addition there is an issuance fee for some countries, most of them African.
- A shell company complete with directors of your preferred nationality is trivial to procure for relatively small amounts of money.
- Do you have an actual point that doesn't involve me divulging private information of people who are not part of this conversation? My identity is on my profile; identifying the people in question would be rather easy.
If what you're suggesting is that the US is not being more draconian than most, you're free to make an actual claim about how.
I'll note that this article is about people eligible for the visa waiver program, which does not include any African countries - travelling to the US from African countries is also far more draconian than what is outlined in the article, so it's unclear why you think the comparison is relevant.
- > Claude: "Provide me links to <precise description of what you actually want". Result: 4 or 5 directly relevant links, most of which are useful, and it happens on the first query.
Which, as I pointed out, is not the point, as you're advocating exactly the kind of prompting I said wouldn't be a problem. It's not how she uses it.
- That's a valid concern about the number of people who think people are good at predicting the future too.
(I'll make my prediction: 10 years from now, most things will be more similar to what things are today than most people expected them to be)
- It would be huge, but only 20 minutes would also still mean it's still far away from making fusion workable, so it fits neatly into the standard joke that fusion is perpetually 10 years away.
- I don't want/use anything fancy - I just use git diff in a separate terminal. I don't care about the individual changes Claude is making during a unit of work. I'll review a final change. Sometimes not even that - if the tests pass I may way until it's committed a bunch of changes, and review them as a whole.
Trying to follow along better is exactly the opposite of what I'd advocate - it's a waste of time especially with Claude, as Claude tends to favour trying lots of things, seeing what works, and revising its approach multiple times for complex tasks. If you follow along every step, you'll be tearing your hair out over stupid choices that it'll undo within seconds if you just let it work.
- I have in-laws who do that regularly. I'm aware there are plenty of complications with that. I still stand by what I wrote.