t3rmit3

t3rmit3 , 4 months ago to Technology in Apple will require notarization for apps from third party app stores, and will disable updates for apps installed via third party app stores if staying outside EU

Apple will put up with fines if it judges that if they manage to avoid the fine, the financial benefit will outweigh the fine.

If there's a 50% chance that I stand to make $100m, and a 50% chance to be fined $20m, it makes sense (if I'm unethical, like corporations are) to take that gamble. Even more so if I think I can use lawyers to shift the chances in my favor.

t3rmit3 , 4 months ago to Technology in Firefox plan to show ads and shopping in the near future in the browser as an opt-out

Do I think that better reach could have an impact on donations? Sure.

Do I think that lack of marketing is the reason for FOSS donations lagging behind other donation causes? Not at all; I think they are actually losing out on impacts, in most cases.

FOSS project donations are usually done by people who use the tool, and are interested in seeing it get improved. It's not a "good cause" donation, like feeding kids. If you are collecting money to help people, donors don't expect to receive something in return for giving. But I think it's incredibly unrealistic to think that people will see someone building a software tool, not have interest in using it themselves, but still donate money to support the project anyways.

Marketing a tool that isn't garnering much interest already probably isn't going to see the tool get much additional uptake, especially with how much free marketing already exists in the FOSS space. If you post your software on Reddit and Hackernews and ArsTechnica (all free to do) and aren't seeing interest, you're probably not going to be massively helped by a marketing org stepping in.

t3rmit3 , 4 months ago to Technology in Firefox plan to show ads and shopping in the near future in the browser as an opt-out

Secondly, the reason so few users donate to open source projects is because these projects are so poorly marketed to potential supporters.

That is a huge assumption to make without data to back that up. Do you have a list of open source projects with high numbers of user donations, with evidence that the numbers are due to marketing? Barring that, I think this is pure speculation.

t3rmit3 , 4 months ago (edited 4 months ago) to Technology in Firefox plan to show ads and shopping in the near future in the browser as an opt-out

Yes, but the profits of Mozilla Corporation are all owned by the Mozilla Foundation, which has to adhere to all the usual 501.c3 rules about spending (i.e. it must be in furtherance of the stated mission of the org).

t3rmit3 , 4 months ago to Technology in Tech Job Interviews Are Out of Control

the benefit of shrinking your ... team

I'm not sure I agree with this premise at all, but if I'm roleplaying some bloodsucking shareholder who cares more about my own money than the livelihoods of people, or their work/life balance, etc, then I would say that shrinking the recruitment team should only happen once you have senior-level recruiters who know the products, tech stack, teams, and roles well enough that they can quickly and accurately assess resumes against what the company needs, just as fast as a larger but less-experienced team of recruiters could.

it seems like tech is full of imposters jumping from job to job, playing up their experience.

This is played up, in my opinion. I've done a decent amount of interviews in the past 5 years (more than 40 candidates, less than 100, but don't have an exact number), and only one of them I would say gave me 'impostor' vibes. There are plenty of candidates who talk up their game, but that is more the fault of companies listing every position as needing far more experience than the roles actually do. People are just optimizing to metrics.

Recruiters cannot spot these people, because they know all the jargon despite having none of the skills. This is why these technical interviews exist, but now those are even being gamed by people by studying leetcode.

This sounds more like someone who "knows enough to be dangerous", as it were. Forgive my ignorance of leetcode, but a quick glance makes it seem like it's a Learn to Code website? Is studying coding really gaming an interview, or just studying for the role? Unless your tech interviewers are asking questions directly off of there, doesn't a candidate answering the questions correctly just mean they learned how to do it? If the questions are about things unrelated to your actual work (like asking people to write a linked list, or a recursive function, etc etc), and people are able to answer those questions but not do the actual work, you should probably stop asking those kind of questions.

There is never going to be a way around having technical interviews; they're not even primarily there to weed out liars, they're there to make sure the skills the candidate does have are the right ones for the role. Even if every candidate was 100% honest, you'd still need technical interviews, because 2 completely legit and very skilled backend devs can have vastly different skills or specialties within that realm.

I’d be really curious what a high quality tech recruiter does vs the average.

First and foremost, they work directly with the hiring manager to understand the role, the tech stack, etc. They know the company and their "culture", and they do their own early vetting of candidates before things reach the interview phase, but after they have reached out to the candidates; asking about salary expectations (or ideally sharing the range for the role), asking candidates how many years of experience they have in 'x' maybe top-3 technologies for the role, etc.

t3rmit3 , 4 months ago to Technology in Large Language Models Are Drunk at the Wheel

People are not well educated about what AI actually is and what it’s good at.

And half the reason they're not educated about it is that AI companies are actively and intentionally misinforming them about it. AI companies sell people these products using words like "thinking", "assessing", "reasoning", and "learning", none of which are accurate to AI, but would be to AGI.

t3rmit3 , 4 months ago (edited 4 months ago) to Technology in Tech Job Interviews Are Out of Control

He's right; you can't be pro-paper ceiling and anti-elitist.

Degrees as a filter is useful due to the willful dismantling of our secondary education system, in order to gatekeep higher-paying jobs.

Rich elites want college to be too expensive or exclusive for regular people, so their rich kids who can go get to be first in line at jobs.

Rich, private high schools have advanced subjects like comp sci, pre-med tracks, pre- law, etc, while the people who can afford to send their kids there are lobbying state governments to cut public school funding and programs.

I did 3 years of comp sci, including 600-level courses in OS design, architecture, and even Assembly. Literally nothing in those courses is useful to my IT career. Everything useful that I learned before working in IT, that was IT-related, I learned independently from my college courswork.

t3rmit3 , 4 months ago to Technology in Tech Job Interviews Are Out of Control

Don't like hiring pregnant women? "Your academic track record doesn't reflect the standards of excellence that we expect our candidates to display."

Don't like hiring minorities? "Your academic track record doesn't reflect the standards of excellence that we expect our candidates to display."

Don't like hiring people with natural hairstyles, religious garb, or other 'unprofessional' but protected appearances? "Your academic track record doesn't reflect the standards of excellence that we expect our candidates to display."

t3rmit3 , 4 months ago to Technology in Tech Job Interviews Are Out of Control

it seems like an easy way to save time and money on hiring

If you are seeing this change based on whether you exclude people without comp sci degrees, what you're really seeing is your recruitment firm/ team's lack of effort or expertise. It's literally the job of recruiters to separate the wheat from the chaff. If you're doing it yourselves by putting hard restrictions on the recruitment team to remove the bad results they are letting go through, you should be taking a hard look at that company or team.

t3rmit3 , 4 months ago to Technology in Tech Job Interviews Are Out of Control

We do require a BS in computer science

That's wild that people are still pushing the paper ceiling like this. I've been working in my industry for 11+ years, progressing from engineer to tech lead to architect, with several (very) large-scale, public projects successfully under my belt.

I don't have any degree.

Requiring a comp sci degree is a terrific way to filter out people who had to actually learn their shit and prove their worth, instead of relying on a name on a piece of paper to get them a job interview.

t3rmit3 , 4 months ago to Technology in Cable can't compete with 5G home internet, so it's cheating

Only if enough people were doing this to constitute an algorithmically-reducible behavior.

If you could get everyone who mentions a specific word or subject to put a CC license in their comment, then an ML model trained on those comments would likely output the license name when that subject was mentioned, but they don't just randomly insert strings they've seen, without context.

t3rmit3 , 4 months ago to Technology in Cable can't compete with 5G home internet, so it's cheating

That would require a significant number of people to be doing it, to 'poison' the input pool, as it were.

t3rmit3 , 4 months ago to Technology in A terminal window periodically flashes on my screen every few minutes. It goes away in one second. I have no idea what it is, nor how to stop it.

Most of the IR that I do is within corporate production environments, so I can answer this with the tools I would use for Linux incident response, but there will be areas like Kernel Extensions that are MacOS-specific, which I don't have IR experience in, and can't speak to. Assume that sudo permissions are required for these.

Also note that I'm not including commands to look for active user intrusions (e.g. ssh keys, new users, sudoer edits, etc), just binary implantation like malware. Active human intrusion blows up the amount of places and things to check for, and for regular users who don't have regulatory reporting requirements, you're better off just restoring from a backup.

• ps aux :
  This lists all processes running under all users, not attached to a terminal session. This is a static list, unlike the live-updating list you get with top
• lsof -b -c |-u | -p -R :
  This lists open files. You can specify process names, PIDs, usernames, and more, to filter on. If you filter on PID, include the -R argument to get the parent process info for that process.
• lsof -i :
  This lists open files that have an active network port.
• netstat -antv -p tcp : It's important to note that on MacOS, netstat doesn't perform like it does on Linux (e.g. it won't give you process names), so you need to use the Mac-specific flags for it like these, and you'll need to combine that with lsof or ps to get more info about the processes.

There is apparently also a tool made by Apple called sysdiagnose that you can run to basically do a large-scale debug dump of your system, including lots of data about applications and processes. I can't claim any personal experience with this, but this guide (and part 2 here) go into using it to hunt for malware.

t3rmit3 , 4 months ago to Technology in Free to be Weird: Lowering barriers to Open Source contributions

To be fair, we're not allowed to discuss many other means of stopping corporations from doing bad things on here...

Regulation failed as a framework for stopping corporations, in the US. Even when we put fairly strict regulations in place, they just get rolled back or de-fanged, and we end up right back here, more damaged than before. It's a losing battle, because regulations don't undo damage, just stymie it.

Active measures have a much better chance of actually working, but those are taboo.

t3rmit3 , 4 months ago to Technology in Free to be Weird: Lowering barriers to Open Source contributions

How do we welcome these contributions while lowering risk?

Why do the people using LLMs to modify a project need to make a PR back to the remote branch? Why can't they keep their 'weird' contributions on their own personal fork and use as they like?

If the answer is that they don't have the knowledge to build the app in order to test if the code works before submitting a PR, they shouldn't be submitting a PR in the first place. Code contributions come with an expectation of due diligence on the part of the submitter, to ensure that their code is not breaking anything or introducing obvious bugs and vulns (and of course, that it even works at all).

Democratizing coding means making the knowledge of how to do it more readily and freely-available, not having a computer spit out something that someone doesn't understand, and then telling that person, "congratulations, you're a code contributor".

People are submitting LLM generated code they don’t understand right now. How do we protect repos?

By not accepting PRs that do not properly meet contribution guidelines, like having tests that provide reasonable code coverage, etc.