I'm working on a multi signature solution that helps to detect unauthorized releases in the case of an account hijack. It is open source, self hostable, accountless and I am looking for feedback!
"There is no commit by an agent user, for two reasons:
* If an agent commits locally during development, the code is reviewed and often thoroughly modified and rearranged by a human.
* I don't want to push unreviewed code to the repo, so I have set up a git hook refusing to push commits done by an LLM agent."
It's not that I want to hide the use of llms, I just modified code a lot before pushing, which led me to this approach. As llms improve, I might have to change this though.
> * I don't want to push unreviewed code to the repo, so I have set up a git hook refusing to push commits done by an LLM agent."
Seems... Not that useful?
Why would someone make commits in your local projects without you knowing about it? That git hook only works on your own machine, so you're trying to prevent yourself from pushing code you haven't reviewed, but the only way that can happen is if you use an agent locally that also make commits, and you aren't aware of it?
I'm not sure how you'd end up in that situation, unless you have LLMs running autonomously on your computer that you don't have actual runtime insights into? Which seems like it'd be a way bigger problem than "code I didn't reviewed was pushed".
The agents run in a container and have an other git identity configured. It happens that agents commit code and I don't want to push it accidentally from outside the container, which is where I work.
I'm working on a multi signature system for file authentication that can detect unauthorized file publications. It is self-funded, open source, auditable, self hostable, accountless. I'm looking for testers and feedback, don't hesitate to contact me if interested.
More info at https://asfaload.com/
I've installed https://getaurora.dev/en/, another atomic Linux distro, for a non technical user and find it really good. I've read arguments that its architecture was better than kalpa, but I don't find it back and I have no sufficient knowledge or experience of both to have an opinion.
I'm working on a multisig sign-off solution, with the first use case being file downloads like GitHub releases authentication: https://github.com/asfaload/asfaload
I'm coming from F# and find rust a good compromise: great type safety (though I prefer the F# language) with an even better ecosystem. It can also generate decently sized statically compiled executables, useful for CLI tools, and the library code I wrote should be available to mobile apps (to be developed).
I have been using e/OS but moved away when an upgrade to the next version required to manually wipe the device. I could cope with the little inconveniences of a degoogled phone, but wiping the device myself following a unclear procedure was too much for me. My phone is not a hacking subject. It's a tool. Still, it worked reasonably well and I would have upgraded and kept using it if the upgrade had been easier.
I am on e/OS since 2021 with a FP3 and, for what is worth, I never had to reinstall, wipe or anything. My phone just had it's 5th birthday and it has been a single continuous set of updates.
I know the versions differ by model, so perhaps your model was not as well supported.
It was the gigaset gs190. I've used it quite some time with e/os, but one day the automatic updates stopped working and I discovered this reinstallation requirement.
Looks interesting. I'm currently using https://tuicr.dev/ , of which I like that the first screen it shows is the choice of commit range you want to review. Might be something to consider for deff?
Am I a fool to think that upcycled devices might not dent the sales of new devices, but would be used in new ways that would actually be positive for the vendor?
I think any effect on Samsung, positive or negative, would be negligible. It would help their PR slightly, but mostly among a relatively small part of their customer base.
On the negative side, it would probably have a minor impact on the number of new phones sold if old ones were able to be "refurbished" in this way. Again, probably not significant, but if it's even a penny cash flow negative, why invest their resources in it?
Overall the only significant gain to be made is the announcement because it can be spun and quoted to the average consumer as Samsung being more eco-friendly. It's akin to enabling consumerism, and consumers generally don't go to check if companies were telling the truth about this stuff.
When I was young I wrote to the Formula 1 team McLaren to ask if they could hire me for a student job. I didn't expect to get a reply, but I got one. The answer was negative, but I was happy. I never reflected about it until now, but maybe it learned me that asking doesn't cost anything, and that the worst thing that can happen is getting a negative answer? Not sure that was the turning point, but this is indeed my approach! :-)
For sure it was a nice experience, I would have done the same, imagine that kid you wrote back gets inspired, goes to study engineering then they come work for you instead of the competition. But nowadays is getting super rare to get human written rejection emails anymore, let alone to kids.
>but maybe it learned me that asking doesn't cost anything, and that the worst thing that can happen is getting a negative answer?
Yeah, but what do you think happens when every kid from the UK asks McLaren for a student job? What happens when everyone from India asks McLaren for a student job?
A kid every couple of months asking you for a job is cute and adorable, 5000 kids asking you for a job per month is a nuisance.
The truth is that this attitude of "it doesn't hurt to ask" only works in high trust societies where people exercise self restraint and all inquiries are done only in good faith, but doesn't scale at all when everyone on the planet starts doing "spray-and-pray" crap shoots and it just quickly becomes spam and overwhelms their capacity to actually read and reply to messages of people who might be genuinely qualified, so we get the issue I mentioned at the start where all messages from applications now first go through ATS and AI bots instead of actual humans.
5000 kids asking you for a job per month is a nuisance.
it's a great marketing platform, if anything. Strong brand loyalty going forward and costs you not much to do well, not to mention you can brighten a day or few for thousands of kids in all sorts of life situations.
You're severely mistaken if you think that's how businesses operate. Companies penny pinch on staff even for recruiting, they're not gonna increase headcount just to answer mail form kids just because you think it makes good marketing.
You can spin up any idea and claim it increases brand loyalty, but you have to have actual evidence that that either happens or actually matters in some way, and in this case it probably doesn't and isn't worth the expense once the scale exceeds >1 employee spending more than a few minutes a day. If you've got the data to prove otherwise so that you can actually make someone money, go ahead and sell people on the idea.
I don't have to - it's called image branding and is a well-known and established marketing discipline. Not direct ROI like hard sell techniques, but it lands you with higher margins, lower customer acqusition costs, longer customer lifetime value, etc. Apple was a master at that, Nike, and in this particular example LEGO regularly responds to children mail, Nintendo built a whole business channel around it with Nintendo Power and I'm sure I could pull out many more examples. Not everything is a hard sell technique.
So according to you, we should all quit our jobs and go work for Lego, Nike, Apple and Nintendo because they have good PR with kids, while you ignore the fact that most of them use sweatshop labor in China, fuck the environment and sue honest people for bullshit IP reasons?
If the problem of society could be summed up in one bite, this would be it.
Obviously the concept is different from the execution, and you provided an idea on execution (which anyone can do) which would need to be actually, you know, proved out to help with any kind of brand loyalty. Just doing random things that sound good is not a great strategy.
Because you actually believe the world is full of benevolent companies who work for the public good?
Or maybe people have seen what companies are doing behind the scenes that goes against their PR, making it worthless and hypocritic. Remember "don't be evil"?
You're right of course. I hadn't thought of the negatives when this self-restraint is absent.
I only sent one letter to one team because I was a fan. The restraining factor was being a fan. Remove that, and it can indeed rapidly go out of hands....
When I was probably 10 or so, one of the largest computer magazines in the country had a job for a 'junior writer'. My 10yo brain did not realize that junior meant 'just finished the relevant education' and though 'hey, I'm a junior'. So I just called them up and the guy on the other side of the line was clearly confused what to say to me not to disappoint me too much and mumbled something like "the person responsible for hiring is not around". In hindsight, it's pretty ballsy for a kid to just call, if I had to do it ten/fifteen years later I'd have been pretty nervous.
I'm a bit sad that we lose that innocent, carefree attitude later in life.
I think this is one of the ways in which the internet is dangerous for children.
Gen X kids were starving for any adult not their parents to acknowledge their existence. Which made us targets for predators. But now we’ve overcorrected and acknowledgement is routine. That dopamine hit is practically free.
https://github.com/asfaload/asfaload :
an opensource multisig sign-off solution allowing to sign and authenticate GitHub release artifacts. It is self hostable, accountless (key pair identity), auditable.
Website: https://asfaload.com/
GitHub:https://github.com/asfaload/asfaload
Spec: https://github.com/asfaload/spec
reply