Comments by "Mikko Rantalainen" (@MikkoRantalainen) on "ThePrimeTime" channel.

  1. Most JS frontend developers use over 1 MB of JS code to show a simple dialog. This developer implemented full gaming engine in 13 KB.
    225
  2. I think a lot of the Rust lifetime unreadability goes away if you start giving more descriptive lifetimes but 'a and 'b. For example, 'request, 'fileopen etc. Then your error messages will make more sense when it's obvious what the lifetime means for logic.
    49
  3. 12:10 Writing single-task application was considered too hard so interns wrote and executed custom SQL queries against production database??? How? Why?
    39
  4. I think being a senior developer is not about already knowing it all. It's more about being able to consider long term side-effects of decisions you make for the project. Sometimes a quick hack is all you need, sometimes a quick hack now would bite your ass in the future and typically it's the senior developer that can tell the difference.
    34
  5. Modern image generators can do supriringly well even with a bit weird prompts such as "Minotaur centaur with unicorn horn in the head, steampunk style, award winning photograph" or "Minotaur centaur with unicorn horn in the head, transformers style, arc reactor, award winning photograph". Even "A transformers robot that looks like minotaur centaur, award winning photograph, dramatic lighting" outputs acceptable results. However, ask it for "a photograph of Boeing 737 MAX with cockpit windows replaced with cameras" and it will totally fail. The latter case has way less possible implementations and this exactness makes it to fail.
    33
  6. The best explanation about Apache 2 license is "Like BSD 2-clause license + patent clause, but well written." I used to license my code as GPL v2+ but I've later changed to MIT or Apache 2.0 licenses later. And yes, I'm one of the weird ones that actually reads and tries to understand the licenses.
    24
  7. And the S in LLM stands for security.
    22
  8. If you have competent attacker, they will just DDoS your network win SYN flood from distributed bot net and there's nothing you can do about it because your application firewall doesn't even see a proper connection to start to filter. The idea is to have so much traffic that your network connection is totally filled up. Cloudflare is the only cheap solution to that but that requires giving Cloudflare ability to read all your traffic.
    18
  9. 15:55 The idea that DOM is so slow that you can run javascript to emulate the tasks that DOM is supposed to do in C++ code is a long term plan sounds a bit weird idea to me. Unsurprisingly the browser native implementation of DOM has gotten much better during years.
    17
  10. 11:00 I think in addition to using only 100% LLM generated data for the next generation, they also overtrained the model to generate previous generation output as closely as possible. (They explain that they compared output string to previous generation output. I think they should have asked for similar meaning, which could have been checked by some other LLM. When you train for identical strings, you'll be overtrain / overfit the network for use which is known to be detrimental for the output quality.)
    16
  11. 4:32 Finally somebody explains how The Berne Convention actually works! This makes so much more sense for the resulting copyright laws than the traditional explanation.
    11
  12. 21:30 This sounds like "we only do unit testing with mock data" – how about doing some integration tests, too, with real Windows installs, too, before distributing the files automatically to nearly 10 million systems? Like run the actual update on real hardware running Windows, restart the Windows system and then check if the booted system can detect the attacks you're trying to guard against? That kind of testing would have shown that "oops, the system didn't come up after restart".
    11
  13. And while you're running the code as modules, add artificial sleep(2ms) to every call to the module to be prepared for the extra latency you'll suffer when you convert that module to microservice. If you feel that your system is getting too slow, remove that artificial sleep call but understand that you cannot ever change that part as microservice either because the latency would be too bad.
    10
  14. 33:33 One programming language worth learning enough to fully grasp its design-by-contract feature is Eiffel. I think that language has even less real world use than Haskell but the design-by-contract feature is obviously useful in any language, even though Eiffel is the only language with full native support for it. Other languages use assert()s to emulate the missing feature.
    10
  15. 5:25 Literally 10x faster with LLM is obviously easily obtainable if you have bad enough skill issues. I think even 100x might be possible if your own skills are bad enough.
    9
  16. Using constexpr everywhere is otherwise nice but you cannot have any input, which reduces the usability a little bit.
    8
  17. 23:45 I really hate when a publication renders graphs next to each other and clip the vertical axis differently for every graph. For example, the Retrieval graph for LAION-400M should practically render three nearly horizontal lines instead of strong linear correlation if you used vertical scale that went from zero to one instead of 0.73 to 0.87.
    7
  18. Bob Ross would have been proud of CrowdStrike software: it only worked as a result of happy accident. Ever. And it was a small miracle the whole system collapsed only now. With the engineering standards that they are demonstrating in this report, I'd have expected to see major issues years ago.
    7
  19. I think one shouldn't create new systems language that is not safe by default. However, doing intentional exceptions should be easier than with Rust. Rust basically only has unsafe block but what we would really need is ability to declare that some specific data structure fullfills some restriction that allows it to be accessed cross-threads in some way that wouldn't be normally possible. That way the Rust compiler (or any other language we're talking about) could be in safe mode at all times but follow the explicit extra assumptions you've declared. Right now Rust only supports totally safe or "trust me bro, I know what I'm doing" modes.
    7
  20. Just like an experienced C developer saying "manual memory management and pointers are actually very simple".
    6
  21. 5:45 I interpret Linus's opinion here as "LLM can be a great code linter but you should assume its output as opinion about the code and then decide by yourself if you want to actually change the code". Though this obviously assumes that the developer skill issues are more about the accuracy of the implementation instead of overall algorithm or mis-understanding data structures or thread locking.
    6
  22. GC is basically a trick where you pretend that your computer has infinite memory and you keep doing new allocations and GC hopefully can figure out stuff that is no longer referenced anywhere and can be released. If your system has really lot memory, a good GC never does anything because NOP implementation can already pretend having infinite memory. The problem is that GC systems typically have practical 5–10x overhead meaning if your application really required 500 MB RAM, it requires 2500–5000 MB when executed with GC. However, if your developer cost is 5–10x less with GC, it makes sense if you pay for all the hardware. And if the customers pay for the hardware, GC is pretty much always a win unless you're seriously RAM limited (e.g. gaming). GC can be tweaked to run with very small RAM usage overhead but then it will use lots of CPU to continuously go through the memory and look for stuff to free.
    6
  23. 39:30 I read this as "If Microsoft had provided us easy-to-use API for this stuff, we wouldn't have needed to create our own kernel driver". Yeah, but you did decide to write your own kernel driver but did half-assed job on it.
    6
  24. And the more modern version goes like this: there are only three hard things in computer science: naming things, cache invaparalleldation and off by one errors.execution
    6
  25. 20 µs is quite important time even for web programming if you're computing JSON response that consist of 500 elements. If you take 20 µs per element, it will be 10 ms for the whole list already.
    5
  26. 7:27 "I am always a rebase guy because I properly know how to use use git." Amen, brother!
    5
  27. 28:00 I guess it depends on your definition of "cold start". I assumed it would have meant that every database has all the important bits in the filesystem cache in any situation. If it actually meant "not having to boot a new VM", sure, that's much much easier thing to accomplish if you don't need VM level separation for security purposes. And considering the amount of hardware security bugs related to VM escape vulnerabilities, I would rather bet on well written server software instead of VM containment.
    5
  28. It's pretty obvious that whoever did this benchmark didn't bother to write the best code for each language. PHP has a function called levenshtein() in the default install which is implemented in C. Should be pretty fast, right? If you re-implement that poorly in PHP, obviously the performance is going to suck.
    5
  29.  @MrHamof  It's more like debug code has more stuff in RAM and off-by-one errors have higher probability of overwriting some debug information instead of real data so buggy code doesn't crash the system equally often. Of course, when your system is memory bandwidth limited in the first place, having to use more RAM to keep debug stuff in the RAM is not a great plan for high performance.
    4
  30. 43:10 The days or even weeks I'm spending in state "I'm thinking more than writing the code" is when there are no good solutions given the existing infrastructure and the task at hand. Only multiple options to proceed but each with various obvious con-sides. In practice, in that case "thinking" is about going through existing programs (searching for something similar and looking for results with pros and cons any given solution had), implementations (typically reading code of some open source libraries to understand how they handle the problematic edge cases), research papers, writing some test code etc. That's the "research" in R&D. I have trouble imagining a coder that just sits there meditating and coming up with a good solution they will finally write. Some call this maintaining a legacy system but I think it also covers making any complex changes to any big system, not matter how old or new the code is. Legacy systems are just typically bigger than newly created (toy?) projects. And you get old hairy legacy systems as a result if you repeatedly try to skip the thinking and research part and always go for the most simple solution you can think of without thinking about the con-sides. Basically: how much technical debt your next change is creating to the whole system? If you ignore the debt, making changes is faster but it will bite your ass later for sure. On the other hand, you don't want to waste time trying to create perfect solution either because perfect is enemy of good and it requires insane amounts of time to create perfect solutions.
    4
  31. I'm a software developer but when I'm fixing my car, I sure hate rust.
    4
  32. 8:40 I think this still doesn't explain why the update file was full of zeros. I would understand if it contained some actual data but didn't match the expected runtime parser.
    4
  33. Skill issue makes it 25% of your time. It seems that Casey has some kind of mental block which prevents him from even trying to understand Git well enough. On principle, not because of mental issues.
    3
  34. Loved the prompt engineering tips in this video!
    3
  35. 47:30 I think "Would you switch to typescript if introducing this new syntax would allow it to run 100x faster than javascript?" would be even closer analogy. And even I would stop writing vanilla JavaScript if TypeScript were actually faster.
    3
  36. 48:59 In the team where I work, when you do code review and accept the code, you'll be the one fixing the bugs when the original author is on the holiday. That results in automatic "nope" whenever some piece of code cannot be understood. A code like the crap in this m4-file is clearly either an exploit or totally unmaintainable. Either way, it doesn't get to live in the official master branch. I'm not sure if I'm just old enough but the bash scripts seemed easy to understand compared to the m4-stuff.
    3
  37. I've been writing software professionally for 20+ years and I see future of software development that I'll be competing in communicating with normal people about their needs for new software. Once normal people feel that they can more successfully explain their ideas to AI than to me, then AI will take my job. Until then, I see future software development as I communicate with normal people and I then communicate with the AI and fix possible mistakes that future AI still makes. Right now, the AI can do pretty little compared to my output but I'm fully expecting future AI systems will be smarter and smarter every year and at some point the future AI will produce better code for a clearly specified requirement spec. I'm still not sure how long it will take until AI can communicate with normal people so well that AI can get the requirements directly from the normal people so they can cut me off the chain. I would have probably 20+ years until retirement and I have trouble seeing the future where my current work cannot be done with high level AGI which some will call ASI. And I can only hope that we switch to universal basic income (UBI) or something similar until the society collapses because so many people will be miserable otherwise.
    3
  38. I, too, like C exactly the same way I think about mechanical watches: with enough skills you can create masterful results but even a small mistake will destroy the value of the whole thing. For practical systems programming, I still think Rust is the least bad option.
    3
  39. I 100% agree that libraries (or rather APIs of any kind, internal or external) should have clear comments about the things that API promises. If you have only the code, you can never know if the library failing with some input is by design or implementation mistake in the library code. If you do class based object oriented programming, my rule is that all public methods must have comment before them to explain the API for all external callers. Don't like writing those comments? Make the method private and you don't need to write a comment! And use whatever comment syntax that allows IDE tools to show documentation to the callers. E.g. JavaDoc in case on Java code, PhpDoc in case of PHP code etc.
    3
  40.  @TurtleKwitty  I agree that most Rust code uses just 'a but I fail to see why anybody considers it like the best possible implementation.
    3
  41.  @TurtleKwitty  Do you understand why lifetime annotations are used in Rust?
    3
  42. 9:50 As I see it, when AGI is invented (my guess is still around year 2030), there's no need to have average humans do verification of generated code nor write tests or be prepared to generate hot fixes when something fails in production. AGI can do all that just fine. It will take years more until the AGI is better at everything than the best human at the same task. But most companies employ a lot of average people and replacing those with average level AGI is going to be pretty simple. And it will happen fast once AGI is cheaper to use than humans. For a couple of years, many people will feel that they can compete with AGI if they cut their salary. And that may allow having higher standard of living than the people that will not cut their salary on principle and will end up without a job as a result. But AI will get cheaper every year and it will not be long until AGI will take all jobs that a worker with average skill for that field can do.
    3
  43. The whole article smells like "our problems are really caused by React but we blame HTMX instead".
    3
  44. I totally agree that you shouldn't abstract before actually feeling the need for it. Say you abstract your invoice printing from the start to support printing to JSON and stdout. However, when the boss then says you have to support HTML, too, and by the way, HTML needs company header, you have to redo every abstraction you already did for the printing stuff so support injecting the extra information to pass the header without using hardcoded header or global configuration values. And the same thing for every other extra dependency what your future data print needs might be. I know I've done lots of unnecessary abstractions during my career and it's not an accident such thing is called astronaut architechture: you try to guess what kind of interfaces you might need if this specific feature would be used by NASA during the Mars mission. And since you cannot possibly guess that correctly, you'll always miss something and have something extra that even the Mars mission is not going to need.
    2
  45. 13:00 I think you're just have too high expectations about human lawyers. GPT-4 (not the "omni" version) already did better than 90% of all the human law students in bar exam last year. I'm fully expecting GPT-4o to be smarter and improve that number. For best results, you should use AI to suggest a solution and then have a pro human lawyer to verify it before doing any radical decisions. But if you cannot affort both, GPT-4 is highly probably already better than a baseline human lawyer. And I know GPT-4 isn't that good so my only conclusion is that humans do A LOT of mistakes.
    2
  46. I see archived backups of backups mandatory for any important service. However, the thing that most companies fail to understand is to estimate the recovery time in worst case. If the recovery time is too long compared to the losses of income during the recovery process, the company may still die for it and then the theoretical possibility of recovering data perfectly no longer matters in reality. The big question is should to do regular test recoveries from archives? With my current work, we only regularly test recovery from main backup, not backup of backup.
    2
  47. 9:52 The colors are used to express that a single line of code can be split over multiple locations in assembly. For example, the for() statement in C code is split on lines 95,96,114,115,116 and all these lines have identical color to make it easier to notice this. The colors appear purely random so green doesn't mean something else than red.
    2
  48. I agree I think I used winamp until year 2001 or so when they "improved" it and it got really bad. Probably related to AOL ownership.
    2
  49. 19:36 "I think the proper mentality to have as a programmer is, everything is horshit, it's all inconvenient. And either you deal with the things given to you, or you write it yourself and you deal with that." Amen!
    2
  50.  @64jcl  I try to use vanilla JS code, too, but I know that I belong to really small minority.
    2