I have worked on such teams. Mostly, even. I would not accept any PRs with code doing any of those things (human or machine made). Small(er) teams on small to medium sized projects.
Critical solutions, but small(er) projects with 2-4 devs, that’s where it’s at. I feel like it’s because then it’s actually possible to build a dev team culture and consensus that has the wanted balance of quality and delivery speed.
This seems good from the attendee’s point of view. I would love a similar post on the culture for calling meetings. There are too many “I don’t want to make an effort to understand/solve issue X so I’ll just create a meeting with everyone who might have an interest so we can all spend 1h talking about if the issue is an issue at all, and if it’s an issue what do we do about it”.. makes me so tired.
Don't knock it. I've worked in places where they just ignore problems and don't have meetings. It's worse. At least in your example people are moving towards the issue
Well with women you just have to act like you don’t care, and stop showing an interest. So stop with the pull requests and start submitting some push requests..
(This is satire for those of you who need to have it spelled out :-)
At this level (govt, 6 figure+ deals) I would at least consider if this problem should have a non-tech solution, and instead have a legal/lawyer solution. In my experience (not US based though) the govt contracts are under compliance programmes as well so the govt agency’s legal/contract mgmt team would probably follow up internally on expiring contracts (ie licences) and require the owning stakeholder to either renew the contract or abandon the software. Meaning the customer would supervise itself regarding licence. But even if you don’t want to rely on self-supervision then having your lawyer spend 1 hour reaching out with a “do you need to renew your licence” at the end of a licence term would probably be much cheaper than building and maintaining an air-gapped licence solution.
Usually you do have recourse via procurement channels and reps. If you file a complaint with that agency stating that they’re using a license without paying for it, it will result in at least an investigation.
If you got to hire the cops to investigate your own mistakes, would you hire competent, motivated folks who'd leave no stone unturned and get access to every classified, air-gapped network in search of license infringements?
I wouldn't. I'd hire some Peter Gibbons type, who only does about 15 minutes of real, actual work in a typical week. Then I'd tell them they can finish early if all their pending cases are closed.
If enterprise corporations actually did a thorough investigation, they would probably find that a lot of their license deals have gone unfulfilled. They are really bad about this kind of stuff. It became super complicated to buy this kind of software once companies realized that they could force everything through a deal desk and try to extract as much money out of the government as possible.
We have had companies outright refuse to even give us a price when we told them we wanted to investigate buying a license. Such a PITA.
The acquisition and procurement departments in many government agencies are often “independent” in that they don’t directly report to the agency. They’re more like compliance people that make sure you’re complying with the procurement laws and regulations.
And unpaid software licenses are a violation.
Now maybe the client in this case may have had some kind of ownership clause, etc. but in general, procurement people tend to be pretty neutral in my experience.
Then again, I've only dealt with small contracts (< $500k).
Largely agree but I want to challenge this bit at the end.
> probably be much cheaper than building and maintaining an air-gapped licence solution
I think this is an unwise attitude to take. There's something to be said for a simple picket fence. Even though someone could easily hop it if they wanted to, they lose plausible deniability and in most cases that's all that really matters at the end of the day.
> This started a game of whack-a-mole where the LLM would also attempt to change the pre-commit hooks! I had to fix it by denying […]
When will people acknowledge that LLMs are stochastic text generators?
This whole blog reads like trying to fit a square into a round hole. And frankly most of the comments in this thread are jumping right on the wagon “what water?”-style [1]
By all means use LLMs for what they can be useful for but god damnit when they are not useful please acknowledge this and stop trying to make everything a nail for the LLM-hammer.
LLMs are. not. intelligent. They don’t have a work ethic that says “oh maybe skipping tests is bad”. If they generate output that skips tests it’s because a high enough part of the training data contained that text sentence.
The whack-a-mole thing is a huge "this thing is not useful" indicator to me, and I am really confused how other people don't see it. Ok, there's an agent and the agent is able to figure out stuff and do stuff on its own. Great. But it's trying to cheat and instead of doing what I'm asking it just tries to go the easiest fastest way to claim "job done". How is that useful? If I had an intern do this I would seriously consider getting rid of them.
This is elementary school stuff. Do the assignment, don't cheat. Does useful software get written by people who don't understand this basic fact?
If I understood it correctly, Open Payment Host can register as a TPP and offer direct banking to its users. But a customer of lunar bank can't access the API directly?
I think that's more reflective of the deteriorating relationship between OpenAI and Microsoft than a true lack of demand for datacenters. If a major model provider (OpenAI, Anthropic, Google, xAI) were to see a dip in available funding or stop focusing on training more powerful models, that would convince me we may be in a bubble about to pop, but there are no signs of that as far as I can see.
I second the support for Proton. Proton, however, is not EU-based (not that it matters in this context). It's Swiss. Switzerland, like Norway and the UK, is not part of the EU.
Yes, my mistake, I was thinking Europe-based (but having said that, Swiss have stricter privacy laws than the EU's GDPR and is considered adequate for data transfer).
Cloudflare could be considered a point of failure and is another level of complexity compared to doing your own LB (the extra is the external org — actually extra both in terms of tech and of compliance).
Have you considered doing your own HA load balancing? If yes, what tech options did you consider?
I took for granted that Hetzner and OVHcloud would be prone to failures due to their bad rep, not my own experience, so I wanted to be able to direct traffic to one if the other was down.
Doing load balancing ourselves in either of the two clouds gave rise to some chicken and egg situations now that we were assuming that one of them could be down (again not my lived experience).
Doing this externally was deliberate and picking something with a better rep than Hetzner and OVHcloud was obvious in that case.
Well, yes. It’s an academic research paper (I assume since it’s submitted to arXiv) and to be submitted to academic journals/conferences/etc., so it’s a fairly reasonable critique of the authors/the paper.