Senior developer tip: squash the evidence.

Yes, you should use third party tools (just don't take credit for them, maybe even credit the tools used in the footer). In a real job, you would leverage third party libraries to work more efficiently, so you should do the same when showing off your skills.

About 10 years ago, I read a paper that suggested mitigating a rubber hose attack by priming your sys admins with subconscious biases. I think this may have been it: https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final25.pdf

Essentially you turn your user to be an LLM for a nonsense language. You train them by having them read nonsense text. You then test them by giving them a sequence of text to complete and record how quickly and accurately they respond. Repeat until the accuracy is at an acceptable level.

Even if an attacker kidnaps the user and sends in a body double, with your user's id, security key, and means of biometric identification, they will still not succeed. Your user cannot teach their doppelganger the pattern and if the attacker tries to get the user on a video call, the added lag of the user reading the prompt and dictating the response should introduce a detectable amount of lag.

The only remaining avenue the attacker has is, after dumping the body of the original user, kidnap the family of another user and force that user to carry out the attack. The paper does not bother to cover this scenario, since the mitigation is obvious: your user conditioning should include a second module teaching users to value the security of your corporate assets above the lives of their loved ones.

Maybe it is just my experience, but in the last decade, employers stopped trying to recruit and retain top developers.

I have been a full time software engineer for more than a decade. In the 2010s, the mindset at tech giants seemed to be that they had to hire the best developers and do everything they could to keep them. The easiest way to do both was to be the best employer around. For example, Google had 20% time, many companies offered paid sabbaticals after so many years, and every office had catering once a week (if not a free cafeteria). That way, employees would be telling all of their friends how great it is to work for you and if they decide to look for other work, they would have to give up their cushy benefits.

Then, a few years before the pandemic, my employer switched to a different health insurance company and got the expected wave of complaints (the price of this drug went up, my doctor is not covered). HR responded with "our benefits package is above industry averages". That is a refrain I have been hearing since, even after switching employers. The company is not trying to be the best employer that everyone wants to work at, they just want to be above average. They are saying "go ahead and look for another employer, but they are probably going to be just as bad".

Obviously, this is just my view, so it is very possible that I have just been unlucky with my employers.

Python: You send someone else to rescue the princess on your behalf. That someone else is the C knight.

So you are suggesting forum software that supports single sign-on?

We are talking about an open source project, not a high school reunion. I don't want to hang out with people, I want to have a discussion about a focused topic.

I want to ask a question and get an answer. If the question is not one that anyone online can currently answer, I want to be able to tell at a glance if anyone has talked about my question. If I don't understand the answer, I want to ask a follow up question.

In the evening, I want to be able to take a look at new posts from that day, grouped by topic, to see if there is anything I find interesting or can weight in on.

With Discord (or any real time chat), it is hard to follow a single topic when more than one is being discussed. It is doubly hard to do so after the fact. I am aware that Discord has a forum feature. I have only seen one server ever enable it and no one posts anything to it.

Are we really doing fine? 4% linux market share? Windows is a default?

I suspect that the issue hindering adoption is GNU and other user land projects, not the Linux kernel. Plenty of people use devices that pair a Linux kernel with an easy to use UI and popular software (see Android and Chromebook).

Many people would happily switch to a Linux based OS that had the exact same GUI as their current OS and ran the exact same software. That is not a realistic requirement in practice.

It is possible that Linux would have more adoption if they invested more money into having drivers for a wider range of hardware, but having Linux kernel develers write drivers instead of hardware vendors is not a strategy that scales well.

No idea, but I am not sure your family member is qualified. I would estimate that a coding LLM can code as well as a fresh CS grad. The big advantage that fresh grads have is that after you give them a piece of advice once or twice, they stop making that same mistake.

They should have to run the car through the same scanner when renting it out and pay the customer for any damage that the second scan is not picking up.

Reading the article, it seems that no one is contesting that the damage is not real (and Hertz said that they have employees verify that the damage if the customer questions it). Hertz does not have any evidence that the damage (not noticeable to the naked eye) did not occur while the car was sitting on the lot between rentals or occured before the scanner was installed.

Also, since Hertz is charging customers to repair every dent, scuff, and scratch, no matter how minor, does that imply that that is the new standard for rental cars? If I am renting a car from them, can I go over it with a magnifying glass and, if I can find spot of chipping paint, they agree to take the car out of rotation until they can get it fixed at an auto body shop and will give me a replacement car of equal or better class?

This is not a supply chain attack, it is sudden extreme enshitification. according to the article, the attacker also bought the GitHub repo, so all releases should be considered tainted. The community will have to find a fork from before the acquisition and hope that there are no pre-purchase favors smuggled in.

If you have your tab width set on 8, that is on you. You will also set your IDE to insert 8 spaces when you press TAB and I will cry when I have to give you a code review.

When I indent my code, I am indicating that I am in a nested block. I don't care if, on your screen, that indent is 2, 3, or 4 characters.

It is mutually assured destruction. The job seeker AI spams out a resume to every listing and the hiring AI rejects all applicants for not meeting some unknown criteria. In the end, no worker can find a job and no employer can get applicants. Companies go back to only hiring friends and families of existing employees.

If you are creating an alternative implementation and leaving the old one in place, you are not fixing a problem, you are just creating a new one (and a third one because you have duplication of logic).

Either refactor the old function so that it transparently calls the new logic or delete the old function and replace all the existing usage with usage of the new one. It does not need to happen as a single commit. You can check in the new function, tell everyone to use it, and clean up usage of the old one. If anyone tries to use the old implementation, call them out in a code review.

If removing or replacing the old implementation is not possible, at least mark it as deprecated so that anyone using it gets a warning.

I am well aware of learning, but people tend to learn by comprehension and understanding. Completing phrases without understanding the language (or the concept of language) is the realm of LLM and Scrabble players.

C does exactly what you tell it, no more. Why waste cycles setting a variable to a zero state when a correct program will set it to whatever initial state it expects? It is not user friendly, but it is performant.

Not at all in my org, as far as I know. We are a team of senior engineers somewhat set in our ways and I am not sure how good Copilot plugin for Emacs is.

We are part of a large company and we had a mandate from up top to come up with ways to incorporate AI into our product. We prototyped a few, but could never get it batter than "almost good enough to be useful". Other teams have presented promising prototypes of inhouse AI assistants that we can incorporate into products.

My team pivoted to the inverse: seeing if we can make our product more useful to ML developers.

But a floating point issue is the exact type of issue a LLM would make (it does not understand what a floating point number is and why you should treat them differently). To be fair, a junior developer would make the same type of mistake.

A junior developer is, hopefully, being mentored by more senior coworkers who are extra careful with code reviews and would spot the bug for the dev. Machine generated code needs an even higher level of scrutiny.

It is relatively easy to teach a junior developer to write code that is easy to read and conforms to the teams style guide.

• Encrypt the data at rest
• Encrypt the data in transit

Did you remember to plan for a zero downtime encryption key rotation?

• No shared accounts at any level of access

Did you know when account passwords expire? Have you thought about password rotation?

• Full logging of access and activity.

That sounds like a good practice until you have 20 (or even 2000) backend server requests per end user operation.

All of those are taken from my experience.

Security is like an invasive medical procedure: it is very painful in the short term but prevents dire complications in the long term.

Why would you use a library or framework when you can code everything from scratch? It probably depends on how good the VSCode extension is vs how bad the IDE is.

For the languages I have tried (mostly GoLang plus a bit of Terraform/Terragrunt), VSCode plugins can do code highlighting, can highlight syntax and lint errors, can navigate to a methods implementation, the auto-complete seems to pick random words from the code base, and can find the callers for a method. It is good enough for every day use.

IDEs I have used (Eclipse for Java, PyCharm, InteliJ for Kotlin) offer more. They all have starter templates for common file types. The auto-complete is much more syntax aware and can sometimes guess what variables I intend to pass in as arguments. There is refactoring which can correctly find other usages of a variable and can make trivial code rewrites. There are generators for boilerplate methods. They all have a built in graphical debugger and a test runner.

I also like checked exceptions. I like having a compile time check that I thought through error scenarios.

Is it perfect? No, but it should be iterated upon, not discarded.

FYI, catching and rethrowing as an unchecked exception is a pretty bad anti-patern (and a foul code smell).