this post was submitted on 16 Dec 2024
24 points (100.0% liked)

TechTakes

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 2 years ago

Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

(Semi-obligatory thanks to @dgerard for starting this.)

[–] [email protected] 3 points 8 hours ago (1 children)

I had to use clipchamp for something recently and my god, what an awful, enshittified piece of software. It's sending me emails now!

[–] [email protected] 6 points 8 hours ago* (last edited 8 hours ago)

tangentially: I've been getting reminded of a bunch of services existing, by way of pointless "your year in review" bullshit

fuck spotify for starting that misfeature, and fuck everyone else for falling over themselves to get On Trend

[–] [email protected] 5 points 10 hours ago

And, whilst I’m here, a post from someone who tried using copilot to help with software dev for a year.

I think my favourite bit was

Don’t use LLMs for autocomplete, use them for dialogues about the code.

Tried that. It’s worse than a rubber duck, which at least knows to stay silent when it doesn’t know what it’s talking about.

https://infosec.exchange/@david_chisnall/113690087142854474

(and also https://en.m.wikipedia.org/wiki/Rubber_duck_debugging for those who haven’t come across it)

[–] [email protected] 3 points 10 hours ago (1 children)

Interesting article about netflix. I hadn’t really thought about the scale of their shitty forgettable movie generation, but there are apparently hundreds and hundreds of these things with big names attached and no-one watches them and no-one has heard of them and apparently Netflix doesn’t care about this because they can pitch magic numbers to their shareholders and everyone is happy.

“What are these movies?” the Hollywood producer asked me. “Are they successful movies? Are they not? They have famous people in them. They get put out by major studios. And yet because we don’t have any reliable numbers from the streamers, we actually don’t know how many people have watched them. So what are they? If no one knows about them, if no one saw them, are they just something that people who are in them can talk about in meetings to get other jobs? Are we all just trying to keep the ball rolling so we’re just getting paid and having jobs, but no one’s really watching any of this stuff? When does the bubble burst? No one has any fucking clue.”

What a colossal waste of money, brains, time and talent. I can see who the market for stuff like sora is, now.

https://www.nplusonemag.com/issue-49/essays/casual-viewing/

[–] [email protected] 2 points 2 hours ago

I feel like before Redbox went under, it was also a dumping ground for this sort of thing. For instance, that mid-budget Western "Rust" where Alec Baldwin killed the camerawoman on set felt like it was destined for this sort of distribution strategy. Who's clamoring to go out to the theater to see a Western with Alec Baldwin these days? But it might stand out among all the other slop when you're looking to turn your brain off on a Saturday night.

See also the rise of the "geezer-teasers," where a random 80s/90s action star signs up to appear in the first and last 10 minutes of a generic action movie filmed someplace inexpensive, most likely eastern Europe or southeast Asia. There were a lot of those. Perhaps my favorite, that I still want to watch someday, was Danny Trejo and Danny Glover in "Bad-Ass 2: Bad-Asses."

[–] [email protected] 10 points 1 day ago* (last edited 1 day ago) (3 children)

ai fan asks chempros about their use of lying boxes: majority opinion is that this shit is useless, leaks confidential information and is a massive legal liability https://www.reddit.com/r/Chempros/comments/1hgxvsj/ai_in_the_workplace_how_have_chemistsscientists/

top response:

It’s a good trick to be instantly dismissed. No, really, that’s the latest I had in terms of company policy. If you’re caught using AI for anything, you’re out the door. It’s a lawsuit waiting to happen (and a lawsuit we cannot defend against). Gross misconduct, not eligible for rehire, and all that. Same as intentionally misrepresenting data (because it is). (Pharma)

[–] [email protected] 4 points 9 hours ago (2 children)

Days since last comparison of Chat-GPT to shitty university student: zero

More broadly I think it makes more sense to view LLMs as an advanced rubber ducking tool - like a broadly knowledgeable undergrad you can bounce ideas off to help refine your thinking, but whom you should always fact check because they can often be confidently wrong.

Seriously why does everyone like this analogy?

[–] [email protected] 3 points 4 hours ago

As a person whose job has involved teaching undergrads, I can say that the ones who are honestly puzzled are helpful, but the ones who are confidently wrong are exasperating for the teacher and bad for their classmates.

[–] [email protected] 4 points 7 hours ago* (last edited 7 hours ago)

good question, i have no clue especially that i wasn't like this as undergrad, it's really not hard to say "i don't know, boss" or "more experimental data is needed" and chatgpt will never say this

shitty undergrad won't probably leak confidential info either (maybe on sender side, but never on receiver side, as in receiving unexplained stolen confidential info from cosmic noise)

[–] [email protected] 8 points 16 hours ago (1 children)

From the replies:

In cGMP and cGLP you have to be able to document EVERYTHING. If someone, somewhere messes up the company and authorities theoretically should be able to trace it back to that incident. Generative AI is more-or-less a black box by comparison; plus how often it’s confidently incorrect is well known and well documented. To use it in a pharmaceutical industry would be teetering on gross negligence and asking for trouble.

Also suppose that you use it in such a way that it helps your company profit immensely and—uh oh! The data it used was the patented IP of a competitor! How would your company legally defend itself? Normally it would use the documentation trail to prove that they were not infringing on the other company’s IP, but you don’t have that here. What if someone gets hurt? Do you really want to make the case that you just gave Chatgpt a list of results and it gave a recommended dosage for your drug? Probably not. When validating SOPs are they going to include listening to Chatgpt in it? If you do, then you need to make sure that OpenAI has their program to the same documentation standards and certifications that you have, and I don’t think they want to tangle with the FDA at the moment.

There’s just so, SO many things that can go wrong using AI casually in a GMP environment that end with your company getting sued and humiliated.

And a good sneer:

With a few years and a couple billion dollars of investment, it’ll be unreliable much faster.

[–] [email protected] 3 points 7 hours ago (1 children)

for anyone wondering cgmp/cglp means current good manufacturing/laboratory practices and it's mostly a set of paperwork concerning audits etc and repeatability of everything

[–] [email protected] 3 points 5 hours ago* (last edited 5 hours ago)

I assume a few of these good practices have been discovered after a certain price in blood was paid.

[–] [email protected] 7 points 1 day ago (2 children)

AI could be a viable test for bullshit jobs as described by Graeber. If the disinformatron can effectively do your job then doing it well clearly doesn't matter to anyone.

[–] [email protected] 3 points 22 hours ago (1 children)

idk, genai can fuck up a couple of these too

[–] [email protected] 4 points 13 hours ago* (last edited 13 hours ago)

It's not an exhaustive search technique, but it may be an effective heuristic if anyone is planning The Revolution(tm).

[–] [email protected] 12 points 2 days ago (1 children)

In further bluesky news, the team have a bit of an elon moment and forget how public they made everything.

https://bsky.app/profile/miriambo.bsky.social/post/3ldq2c7lu6c25 (only readable if you are logged in to bluesky)

Good morning. Let me check if I’ve got this right. Juni created a bot that shows what Aaron (head of trust and safety) likes. His likes are public information. Aaron likes a porn post. Trust and safety ban the bot and creator in 16 minutes. Creator appeals and ban is upheld

[–] [email protected] 11 points 2 days ago

the team have a bit of an elon moment

"Oh shit, which one of them endorsed the German neo-Nazis?"

Aaron likes a porn post

"Whew."

[–] [email protected] 6 points 1 day ago* (last edited 1 day ago) (2 children)

Not A Sneer But: "Princ-wiki-a Mathematica: Wikipedia Editing and Mathematics" and a related blog post. Maybe of interest to those amongst us whomst like to complain.

[–] [email protected] 3 points 1 day ago

very interesting, thank you for sharing

[–] [email protected] 9 points 2 days ago (7 children)

Y'all, with Proton enshittifying (scribe and wallet nonsense), I think I am never going to sign up for another all-in-one service like this. Now I gotta determine what to do about:

  • Proton Mail
  • Proton VPN
  • Proton Drive
  • Proton Calendar

and I'd be forced to reassess my password manager if I hadn't already been using BitWarden when Proton Pass came out.

Self-hosting is a non-starter (too lazy to remember a new password for my luggage). Any thoughts? Are other Proton users here jumping ship? Should I just resign myself to using Proton until they eventually force some stupid ass "Chatbot will look at the contents of your Drive and tell you which authorities to surrender yourself to"?

[–] [email protected] 3 points 9 hours ago

I am no tech expert but I use tuta for email and disroot for forms, pads and file sharing.

[–] [email protected] 6 points 2 days ago (1 children)

For VPNs, at least, I can offer some suggestions. If you wanted to securely access a specific box or network of yours, tailscale is pretty great and very painless to use. If you wanted to do stuff without various folk noticing then that’s a bit trickier but I’ve been happy using mullvad… they’re not the cheapest, though they have some splendid anonymous payment mechanisms (you can literally mail them a wad of banknotes with a magic code on a bit of paper… you don’t even need to muck about with bitcoin).

[–] [email protected] 4 points 2 days ago* (last edited 2 days ago) (1 children)

I have a subscription for Private Internet Access that I was using before subscribing to Proton Mail (which comes with Proton VPN). I figured it was all the same (they all have a slightly skeezy feel to me).

Then I checked out Mullvad's website and it's really quite awesome. Everything about their service has a "we want to make this accessible to everyone" vibe, which I appreciate. I am going to try it out. <3

[–] [email protected] 4 points 1 day ago (1 children)

Oh yeah I forgot to mention that in my comment: drop PIA. Never touch anything owned by PIA or Kape. Ever.

[–] [email protected] 3 points 1 day ago

Yeah I stopped using it after switching to Proton.

[–] [email protected] 6 points 2 days ago (2 children)

also, how are you liking bitwarden?

I really need to kill off my current password manager and bitwarden's looking like the least worst of current options (esp. when paired with something like vaultwarden instead of running a fucking nodejs sync server on the internet), but also some of it seems quite stunted[0]

it's gotten so bad that I've started pondering writing my own, because good god does basically every option out there depress me

[0] - no global hotkeys? the fuck

[–] [email protected] 6 points 2 days ago (1 children)

They have a CLI app though which you can hook up to dmenu or rofi or whatever to get global shortcuts.

https://github.com/firecat53/bitwarden-menu

Their desktop app is a bit shit anyway. I just use the CLI and the Firefox extension and it’s working solid.

[–] [email protected] 6 points 2 days ago

alas: my main workstation is (non-slate) macos, and it's unchangeable for the foreseeable future

good to know those (already) exist as options, though. if I can find some spoons I'll try look around and see if there's maybe something similar I can hack up/agglutinate from what's around

Their desktop app is a bit shit anyway

I haven't even tried it yet because I'm real "ehhhhhhhhhhhhhh" about even the idea of a js-/ts-based gui client for my password manager. largely because I've met too many js/ts devs and I outright don't trust their competence and processes. so your post is definite motivation for me to eyeball some of the other clients too

[–] [email protected] 5 points 2 days ago* (last edited 2 days ago) (1 children)

also, how are you liking bitwarden?

I am happy with it. That they only charge $10 a year for services I don't even need (I could use a separate 2FA app) and allow you to self-host is a good sign. I plan to eventually set up a workflow in Sway (Wayland tiling WM) with a CLI tool (e.g. https://crates.io/crates/rbw, or the official one), so the interface is not terribly important to me. I would definitely recommend trying a free account to see if it fits into your workflow.

it’s gotten so bad that I’ve started pondering writing my own, because good god does basically every option out there depress me

I am in the same boat, except all of the software I've ever written has been TeX, or giving contrived examples to undergrads to demonstrate why dp[i][j] is a shit table name or why is better than float('inf') or MAX_INT in pseudocode. So I am only theoretically up to the task, which is ... IDK maybe I should start grifting?

But for real, I have considered writing my own:

  • VPN client where we don't have to jump through the hoops of learning a new shitty client, or finding out that their client runs like ass in Linux (Proton)
  • Password Manager
  • Config editor, so I don't have to edit /home/${USERNAME}/.config/sway/config.d/90-fuckyou-this-is-where-we-keep-system-suspend-shit.conf every time I want to change something. "Oh no you gotta edit the Kanshi config for that one." It's tedious to remember where various programs look for the config and whatever particular syntax is chosen (isn't this fucking solved with toml files already?)
  • An Android reminder app that isn't some stupid Taylorist metric-worshipping bullshit.

PS: There is Goldwarden which I know absolutely nothing about but looks neat. It does suggest that you could just write your own that is bitwarden compatible.

[–] [email protected] 5 points 2 days ago (1 children)

I am in the same boat, except all of the software I’ve ever written has been TeX

I'm sorry

giving contrived examples to undergrads to demonstrate why dp[i][j] is a shit table name or why is better than float('inf') or MAX_INT in pseudocode

that sound you can hear is my despairing screaming[0]

VPN client where ... jump through the hoops of learning a new shitty client

(not a pitch, but multiple commercial references) I really liked how simple tunnelbear made this for a lot, and also quite like how slick the wireguard desktop-style handling is (you can see this for example with fly.io's integration to that). I think there's long context here, and if you buy me a beer I could rant in detail

PS: There is Goldwarden

oh good, it's in Go, my other code allergy

shitposting aside, re the password manager thing: @self and I have co-ranted in dms, and about similar gripes.

so, by way of idea, loose laundry list for foundations/design: modern crypto (jfc why is so much still going "yeah gpg is fine"), crdt sync, a sane fucking language to build everything on, own-devices friendly (in the "you can sync device to device peer-wise" sense, vs the "there's a remote server broker" sense), and pretty okay(tm) interfaces for client building/extensibility

[–] [email protected] 6 points 2 days ago (1 children)

I’m sorry

me too, also i lied/forgot to mention that my particular PhD situation is so fucked up that i went from pure mathematics to cuda

[–] [email protected] 5 points 2 days ago (1 children)
[–] [email protected] 8 points 2 days ago* (last edited 2 days ago)

That is a good rule. The GPU programmers seem to think this is good code and that it's well-documented. I am still pretty out of my depth in this field, but it feels so silly to me. There is this historical bullshit about fortran only allowing 5 characters for a function name, and that (combined with some appeal to domain-specific knowledge) is used to justify stupid, freshman level shit like

if uplo == 'U':
    # manually fill in this part with the version of the algorithm that is for upper triangular matrices
else:  # just assume it's always U or L without checking, god forbid you use something modern like an enum, or even just a boolean
    # manually fill in this part with the version of the algorithm that is for lower triangular matrices

edit: if memory serves, booleans were first discovered in 2011 by John T. Boole, which is why they don't show up in fortran

[–] [email protected] 6 points 2 days ago

last time it came up, tuta was the least worst of the mail options. it's not the same offering as proton's in-garden encrypted, but nothing is afaik. rest of it is pretty okay (I have some (not all[0]) domains on there)

the rest of the things I don't have a direct recommendation in part because [0] and in part because I don't use computers entirely like how a lot of people do. that said

storage: backblaze storage pricing is not bad. they might have a desktop app thing?

calendar: caldav is a dark art beyond my ken - I haven't even got that shit playing nice on my own things[3]. fuck knows who does this well.

vpn: mullvad[1] (has quite recently had another full assessment published). maybe njalla[2]?

[0] - I'm one of those crotchety fuckers that still has a whole pile of self-hosted things that have been going 15~20y

[1] - seems okay and to have their head on straight. haven't used myself.

[2] - also haven't used it myself, comes from some of the folks of the TPB gang

[3] - admittedly I haven't tried that hard because I don't need it much, but it is extremely goddamn annoying to debug from clients

[–] [email protected] 5 points 2 days ago (1 children)

I use Posteo for mail and calendar now (they’re not encrypted between users like Proton but you can just hook it up to any mail client and PGP your shit). Mail is IMAPS, calendar is CalDAV, contacts are CardDAV, etc. Depending on where you fall on the security-convenience sliding scale, that might be an option. I’ve decided that I care more about portability and standards than super-thick encryption which made me choose them over Tuta, because Tuta offers no way to access the mail over IMAP whatsoever, not even an optional bridge like Proton, and that was a total dealbreaker for me. Posteo also claim they’re 100% green energy which is a nice bonus.

For drive I use Filen.io now. They’re relatively new so I can’t make any assumptions about how long they’ll be around but the price is fair and they offer lifetime payments too. Also their Linux client is pretty solid and doesn’t fucking eat my RAM for breakfast. They’re also in the process of adding support for rclone as per a GitHub issue I’m following.

VPN I pretty much don’t use because I’ve never felt I needed it, so no recommendations there from me.

[–] [email protected] 4 points 2 days ago

Both of these suggestions are very nice, thank you!

[–] [email protected] 10 points 2 days ago* (last edited 2 days ago) (2 children)

Bluesky’s approach to using domain names to mean identity is now showing cracks that everyone can see: https://tedium.co/2024/12/17/bluesky-impersonation-risks/

(it was always shaky, but mostly only shown by infosec folks who signed up as amazon s3, etc)

TL;DR: scammer buys .com domain for journalist’s name, registers it on bluesky, demands money to hand it over or face reputational damage, uses other fake accounts with plausible names and backgrounds to encourage the mark to pay up. Fun stuff. The best bit is when the sockpuppets got one of the real people they were pretending to be banned from bluesky.

[–] [email protected] 10 points 2 days ago

It seems like it is a neat addition to a robust verification system, sadly they picked it as a replacement for a verification system. Ah the libertarian desire to build a thing but not be responsible for it.

[–] [email protected] 8 points 2 days ago

this is such a mess, holy shit

and only on .com? I have some very pointed questions about the maturity of the verification program/design
