Nobody cares, nor should they. Anthropic broke nearly every ToS of every website that they scraped data from. The AI robber barons just want to monopolize intellectual property violations, and I'm gonna cheer on any robin hoods that take it back from them.
Are you kidding me? Who’s going to align synergy and hold accountable KPIs and vision plan the 3rd quarter and.. and.. other MBA talk. Certainly AI could never.
I'm noticing one major early effect of them is making extensive, visually consistent, very impressive slide decks accessible to individual workers who need to actually do real work and wouldn't ordinarily have time to make those.
The result is an explosion of pretty bullshit-heavy documents flying around our org, which management loves but which is definitely, so far, net-harmful to productivity.
This comes out if you start asking questions about the documents. "Which of a couple reasonable senses of [term] do you mean, here?" they'll stumble because that was just something the LLM pulled out of the probability-cluster they'd steered it to and they left in because it seemed right-ish, not because they'd actually thought about it and put it there on purpose. They're basically reading it for the first time right alongside you, LOL. Wonderful. So LLM. Much productivity. Wow.
Anyway, since a lot of what managers and execs do is making those kinds of diagrams and tables and such in slide decks, and their own self-marketing within the company is heavily tied to those, I expect they see this great aid to selfishly productive but company un-productive activity as a sign these things will be at least as big a boon to real work. Probably why they still haven't figured out how wrong that is. I suppose they're gonna need a real kick in the ass before they figure out that being good at squeezing their couple novel elements into a big, pretty, standardized, custom-styled but standards-conforming diagram padded out with statistical-likelihoods doesn't translate to being similarly good at everything.
That entirely ignores and excuses the chain of decisions that led to this problem. Removing it from the codebase today does nothing to dissuade them from doing something similar tomorrow.
That's why webXray (https://webxray.ai) has perfected forensic privacy auditing - we catch every code change that has visible traces. I'll catch the same thing any way you do it - cookies, local storage, js obfuscated network payloads...no sweat. I'll go all day long.
A lot of this advice is good or at least interesting. A lot of it is questionable. Python is completely fine for the backend. And using SQLite for your prod database is a bad idea, just use Postgres or similar.
There’s a lot to be said about his approach with go for simplicity. Python needs virtual environments, package managers, dependencies on disk, a wsgi/asgi server to run forked copies of the server, and all of that uses 4x-20x the ram usage of go. Docker usually gets involved around here and before you know it you’re neck deep in helm charts and cursing CNI configs in an EKS cluster.
The go equivalent of just copying one file across to a server and restarting its process has a lot of appeal and clearly works well for him.
Yes. It strikes me as odd how many people will put forward Python with the argument of "simplicity".
It is not. Simple. It may be "easy" but easy != simple (simple is hard, I tend to say).
I'm currently involved in a project that was initially laid out as microservices in rust and some go, to slowly replace a monolith Django monstrosity of 12+ years tech debt.
But the new hires are pushing back and re-introducing python, with that argument of simplicity. Sure, python is much easier than a rust equivalent. Esp in early phases. But to me, 25+ years developer/engineer, yet new to python, it's unbelievably complex.
Yes, uv solves some. As does ty and ruff. But, my goodness, what a mess to set up simple ci pipelines, a local development machine (that doesn't break my OS or other software on that machine). Hell, even the dockerfiles are magnitudes more complex than most others I've encountered.
"trivial" falls in the "easy" category. So it may not be hard to do. But what UV makes "easy" is managing something very complex under the hood.
Better example:
FROM python:3.9-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["python", "app.py"]
While "easy" it is nowhere near simple. Aside from the entire complexity of the stack of docker, that `python:3.9-slim` itself is very complex. It installs over 20 "dev" packages (from bluetooth via tk to xz), it downloads source files, builds a python runtime, (patches that?), installs pip, setuptools, does some (to python people probably familiar?) "wheel" stuff, etc¹. Point being: what you end up with, while easy to get, is very complex.
uv manages a runtime, some virtual environment to hot-swap that with other runtimes, it hooks into a package manager, manages additional tools (linter, typechecker, lsp, etc) and so on. What lies under that is very complex.
¹ I am well aware that node, ruby, php are quite similar.
Python will take you a long way, but its ceiling (both typical and absolute) is far lower than the likes of Go and Rust. For typical implementations, the difference may be a factor of ten. For careful implementations (of both), it can be a lot more than that.
Does the difference matter? You must decide that.
As for your dismissing SQLite: please justify why it’s a bad idea. Because I strongly disagree.
There are a myriad middle states in-between "frupid" (so frugal that it's stupid) and "Instagram scale".
Python requires much more hand-holding that many don't want to do for good reasons (I prefer to work on the product unimpeded and not feeling pride having the knowledge to babysit obsolete stacks carried by university nostalgia).
With Go, Rust, Zig, and a few others -- it's a single binary.
This is a post about keeping your infrastructure simple, so Instagram is not a good ceiling to pick. People do all kinds of hacks to scale Python before they hit Instagram levels
Unless your Cloudflare worker and the DB are scheduled onto the same physical server, they are not local to one another. I don’t know much about D1, but the overwhelming majority of cloud infra makes no such guarantees, nor are they likely to want to architect it in that manner.
Cloudflare's Durable Objects puts your Worker and SQLite DB on the same physical server (and lets you easily spawn millions of these pairs around the world).
D1 is a simplified wrapper around DO, but D1 does not put your DB on the same machine. You need to use DO directly to get local DBs.
I think the point is that your Python webapp will have more problems scaling to let's say 10,000 customers on a 5$ VPS than Go. Of course you can always get beefier servers, but then that adds up for every project.
No, that's malicious compliance. If the owners of those websites would just stop ignoring visitors' right to privacy they wouldn't be showing those banners (yes, I know the website of the EU also has such a banner, lazy devs are lazy).
I would guess OpenAI Codex and Claude Code are well into the millions subscriber range at this point. I would venture to guess the majority of them run in yolo mode. I have only seen a few horror stories on reddit. The same way any time you drive a car you can crash and die (many times through no fault of your own).
All that said, no way in hell I’m giving either access to production databases or environments.
I have heard of more than a few horror stories including filesystems lost and force pushes done.
These tools have only been in use for a short time and the current harnesses/system prompts are quite limited. Claude code is mostly limited to your codebase where you have version control. Excel is different.
I foresee that once people hand over more power to full agents there will be some nasty surprises. I'm sure there will eventually be demand for some kind of limits.
Yeah, I was thinking about simonw's lethal trifecta[0] and how to solve it and my conclusion was "you cannot", i.e. you just accept a certain level of risks for the rewards it offers.
The "agent never sees keys" approach prevents key exfiltration, but it doesn't prevent agent from nuking what it has access to, nor prevent data exfiltration.
The best advice I heard to protect against prompt injection was "just use Opus" ( ... which was great advice before they lobotomized it ;)
But even without injection, most of the horror stories are from random error, or the AI trying to be helpful (e.g. stealing your keys or working around security restrictions, because they trained it to really want to complete a task.[1])
Codex 5.4 medium couldn’t figure out how to run tests in my staging Cloudflare so it went ahead and ran those tests against prod. Mission accomplished.
This cope is insane. Even simple projects generated by Claude are riddled with bugs. And there’s no way in hell it could generate a larger scoped project without a lot of manual human intervention. But yea, TODO apps and trivial calculators are effectively “solved”. Same with leetcode. I guess that’s probably the limit of many people’s imagination these days.
I tried to do this out of undergrad (graduated last year). Many companies do both good and bad things to me, some more good than bad. The "best of the best" companies to me require many years of experience and are still competitive. I didn't really want an entry level job at an "evil" company, so I'm going to go do a PhD (in something unrelated to my original interest in operating systems, as I don't want to be a 30k/yr automaton part of Meta's R&D machine).
My point is: it's very, very, very hard to do this, especially with my set of interests (lots of OS work is in the datacenter, which leads to jobs with hyperscalers; I consider many of those companies evil). I'm trying. It will probably make my QoL worse for some time, and I'll probably give up eventually.
Also, evil is undefined in some sense. Is it wrong to do something "good" at a company that has an "evil" aspect?
> My point is: it's very, very, very hard to do this, especially with my set of interests
It is very, very, very hard because you're making it hard by insisting on finding a strong intersection with your set of interests.
Half the jobs I've had aligned well with my interests. They were also in the lower half of jobs I liked. The best jobs I've had were the boring ones. It turns out, there's a lot more to jobs than just what you work on.
The most important thing is to keep a roof over your head. Next is saving for retirement. And then there are things like work environment, the people you work with, team dynamics, the actual technical work, etc.
I've found that the most intellectually fun/challenging work was usually coupled with the most dysfunctional teams. It's likely just a coincidence, but it was a good lesson that other things matter at least as much.
Yes. I work at boring companies that are not evil instead. Never went to my local magnate (Comcast), left a company when they off/onshored entire teams to HCL slaves, etc.
No, I won't make 350K as a dev. Yes, I will have a paltry middle class existence while we still have a profession called IT.
I used to work on software for non-profits. I found it fulfilling but it was hard to do the work since I found fullstack technically uninteresting (this is my own shortcoming).
Finding a balance in that is difficult. I have seen that it might be easier to find a societally good job the less technically deep the job gets. Networking research seems to be both technically interesting and connected to societal impact (eg. because of the ties to censorship, security, net neutrality etc)
It seems hard to continue doing this sort of research after your PhD though, as in both your school name matters immensely (i.e. you're screwed if you didn't go to Berkeley, CMU, Stanford, or MIT) and so does your publishing success to land a research job, which seems like an enormous task.
I honestly think it is bad for you to be that morally insistent against "evil" companies.
I also think it's not as easy as most people make it. It's not the poor and innocent people that are oppressed by all these evil companies. These companies are just a reflection of the people and the society we live in.
> I honestly think it is bad for you to be that morally insistent against "evil" companies.
Why is that? I broadly agree with the idea that even "evil" companies have parts that do good things or neutral things, but I am curious about your rationale.
The key to not working for evil companies is to have more choice in who you do work for, which involves living way below your means so that you can save inordinate amounts of income and "retire" early - which is just code for "do the work I want to do for those I want to work for".
Many of the startups I work with. We’re helping save the oceans and land. Purpose and profit are dream scenarios for me. It’s difficult in a capitalist economy but it exists.
Why stick with for-profit companies? But on measure I'd say System76, n8n, Nextcloud, GridX, Odoo, Tuxedo, GitLab, Uplight, Aurora Solar, Bandcamp (maybe), Bitwarden, Canonical (maybe), Scribd, Arcadia, Wikihow. Basically any time you find yourself enjoying a product you're using, see who made it and if they're hiring.
Sure it's an uphill battle. This is late-stage capitalism after all and unless you're comfortable with a role that extracts from people who weren't planning on being extracted from, you're not going to make a ton of money. That's what it takes to be on the side of the angels though.
I'm not unemployed right now, but in the past have applied to literally every one of those companies and been declined from every one of those companies.
It's hard to find jobs at companies that aren't run by monsters; even if you can identify a company that isn't terrible, there's still a relatively low likelihood of getting a job there.
I'm not blaming the companies for not hiring me, I'm sure they have their reasons for their terrible decision of passing up on someone as handsome and smart as me [1], and I am certainly not entitled to a job, but when I run out of companies that seem ethical, what do you do then?
It's easy to say "well start your own company!", and sure if you have the ability to do that then that's great, but I don't even really know where to begin with finding investors for stuff I'm working on, and I'm not sure that anything I'm working on would be interesting to investors anyway.
Because for-profits have the most employment opportunities? All of the companies named in replies to my initial comment hire a minuscule number of people.
If you're looking to scale, then you're looking for companies that scale, and if you're looking for companies that scale, you're not looking for angels. I used to think Cloudflare was an exception to this belief but today I'm not so sure.
I tried to focus on for-profit, but I'm just saying there's nothing wrong with non-profits either. In fact I don't think I consciously mentioned a non-profit but I might have.
Counterpoint, work for companies that pay a lot regardless of good/evil. I worked for an evil company and got paid an insane amount. Got laid off. Am now happily retired in my early 40s.
Ok, and when you apply for and get rejected from all those companies, what do you do then? Suppose you give me a list of literally every company you think is ok, and I were declined by all of them, then what?
This isn't a theoretical question for me. I've applied to and been declined from all the companies you listed (except tarsnap because I didn't see a careers page). What exactly do I do then? Do I then just decide that food is overrated and be content with not having a paycheck?
Ok, great. Let's say I agree that that's a good response. I would still likely need investor money, which I don't even know how to get but even if I did then I have a similar problem of having to make sure that I only have ethical investors. I'm not saying that they don't exist but I'm not exactly fond of the big institutional VC firms.
Let's not also forget that most companies go broke, and realistically most of us don't have any ideas that are likely to make a sustainable business.
I'm not saying that you shouldn't try and find an ethical place to work for or start a business, I'm just saying that it's not as easy as "just apply to places that don't suck".
Valve takes 30% of revenue from developers because they have cornered the distribution market. Their margins on the steam store are probably second only to the apple store's, another heinously immoral product.
Just starting with "Not totally abhorrent and aiding the destruction of democracy in the US" would be fine.
Instead of working for Zuck or Google or Larry, you can work for Garmin, Shopify, Visa and Mastercard, most banks (they are soulless but some aren't always evil), grocery chains, pretty much any local business, car companies, non-weapon or surveillance based government work, IDEXX, hell even Apple imo and I dislike Apple, nearly every business that isn't "Tech"
Basically just stop pretending that the industry is only Google, Facebook, AWS, Microsoft, and Oracle. There's something like millions of jobs that aren't in those companies.
I'm certainly not a fan of Oracle (or the wider scale damage the Ellisons have been doing), but I also can't bring myself to be so flippant when an action this large is going to cause untold amounts of personal tragedies.
Easier said than done. Most of us end up working for monsters if you go high enough up on the ladder.
I'm certainly not saying that you shouldn't have boundaries; there are certain companies that I will absolutely not work for no matter what they pay me (e.g. Palantir). I'm just saying that if you draw the line at "don't work for bad company", it's going to be hard to pay your bills since due to the lovely world of capitalism the people on top are usually sociopaths.
To be clear, I do agree broadly; if you can find a company that has decent people running it and doesn't appear to be evil to you, you should probably work for that company. The problem is that the job market is very competitive and you often have to take what you can get.
I'm in a privileged position to where I can be a little choosy with my work (for now!), but I can't really judge someone who has a family to take care of for doing what they need to to pay the bills.