> How hard is that to fix? Aren't they using CoPilot? Just ask it to fix the invisible icon.
Maybe that's the problem? Imagine a Microsoft employee allowed to program only by using a CoPilot prompt, screaming and begging to just apply a patch he already written without touching anything else :D
This might not be too far from what's happening. In the dotnet repos you can see MS employees constantly fighting it across hundreds of PRs: https://github.com/dotnet/runtime/pull/120637
After all that noise, the clanker just says it can't do it and the PR is abandoned. I'd say it would have been easier to literally do nothing and have the same result.
If a human wrote it, at least there would have been a possibility for learning or growth. This just looks like a waste of time for everyone.
The LastPass hack is a good example of that happening. Weak master passwords and a smaller number of KDF rounds, made the situation worse.
Realistically, most users benefit from using a reputable cloud-based password manager, and should focus on securing it with a strong password and MFA. You should also change your passwords if your password manager is breached.
Yeah - but where does the code doing the encryption/decryption come from? 1Password serves me the Javascript that encrypts/decrypts my vault every time I open my work 1PW webapp.
It's not reasonable to assume their server is "secure" not just from evil-hakzors and script kiddies, but also from government agencies with things like Technical Capability Notices and secret FISA warrants and NSLs with gag orders (or whatever their jurisdictional equivalents are), and also from threats like offensive cybersecurity firms with clients like disgruntled royalty in nepotistic moncharcy nations states who send bonesaw murder teams after dissident journalists.
I (mostly) trust AES (assuming it's properly implemented, and I exclude the NSA from that, and the equivalent agencies in at least a handful of other major nation states).
I have a lot less trust in owners and executives at my password vault vendor or their cloud hosting company or their software supply chain. If I were them, I'm pretty sure I wouldn't be able to stick up for my users the way Ladar Levison and Lavabit did. There's no doubt that the right federal agency could apply enough pressure on me and my family/friends to make me give up all my users unencrypted vaults. Sorry, but true.
If you're moving in emacs using per-line/character commands, you're definitely not using emacs as efficiently as you could be.
So the distance in efficiency (and therefore efficacy) between mouse and keyboard is rather a gulf, once you've paid the cost of learning the extra emacs commands.
v, then t/T or f/F if staying on the same line, j and k if it’s within a couple line, / or ? for anything else. With the repetition commands ./,/n/N if I do not land at the correct place.
A major reason agentic LLMs are so promising right now is because they just Figure It Out (sometimes).
Either the AI can figure it out, and it doesn't matter if there is a standardized protocol. Or the AI can't figure it out, and then it's probably a bad AI in the first place (not very I).
The difference between those two possibilities is a chasm far too wide to be bridged by the simple addition of a new protocol.
Having A2A is much more efficient and less error prone. Why would I want to spend tons of token on an AI „figuring it out“, if I can have the same effect for less using A2A?
we can even train the LLMs with A2A in mind, further increasing stability and decreasing cost.
A human can also figure everything out, but if I come across a well engineered REST API with standard oauth2 , I am productive within 5 minutes.
I have never seen a website where I can sign up without a password and using only email and passkey. Is there one? All websites treat passkeys as an “add-on” to the passwords of the last century. Totally backwards thinking.
God if it could just be a single key that you dump to paper or titanium plate and don't worry about backing up a zoo of keys/password with a cloud. Just take my one and only public key. If you care about per service privacy, you are welcome to use multiple. I don't think there is any compromise scenario where you would leak any single specific passkey and they are not bruteforcable. Why is it not as simple as that?
Maybe that's the problem? Imagine a Microsoft employee allowed to program only by using a CoPilot prompt, screaming and begging to just apply a patch he already written without touching anything else :D
reply