Hacker Newsnew | past | comments | ask | show | jobs | submit | jtafurth's commentslogin

There are several valid reasons to "falsify" commit history.

- You need to remove trash commits that appear when you need to rerun CI. - You need to remove commits with that extra change you forgot. - You want to perform any other kind of rebase to clean up messages.

I assume in this thread some people mean squashing from the perspective of a system like Gitlab where it's done automatically, but for me squashing can mean simply running an interactive (or fixup) and leaving only important commits that provide meaningful information to the target branch.


> You need to remove trash commits that appear when you need to rerun CI

Serious question, what's going on here?

Are you using a "trash commit" to trigger your CI?

Is your CI creating "trash commits" (because build artefacts)?


I thought for a moment it was a really interesting wordplay which I did not understand.


The way I see it, it's less about the technicalities of accuracy and more about the long term human and societal problems it presents when widely adopted.

On one hand, every new technology that comes about unregulated creates a set of ethical and in this particular case, existential issues.

- What will happen to our jobs?

- Who is held accountable when that car navigation system designed by an LLM went haywire and caused an accident?

- What will happen with education if we kill all entry level jobs and make technical skills redundant?

In a sense they're not new concerns in science, we research things to make life easier, but as technology advances, critical thinking takes a hit.

So yeah, I would say people are still right to be weary and 'bullish" of LLMs as it's the normal behaviour for disruptive technology, and one will help us create adequate regulations to safeguard the future.


Being wrong when you are building a grocery management app is one thing, being wrong when building a bridge is another.

For those sensitive use cases, it is imperative we create regulation, like every other technology that came before it, to minimize the inherent risks.

In an unrelated example, I saw someone saying recently they don't like a new version of an LLM because it no longer has "cool" conversations with them, so take that as you will from a psychological perspective.


I have a hard time taking that kind of worry seriously. In ten years, how many bridges will have collapsed because of LLMs? How many people will have died? Meanwhile, how many will have died from fentanyl or cars or air pollution or smoking. Why do people care so much about the hypothetical bad effects from new technology and so little about the things we already know are harmful


I worked for an authority that issued digital certificates for SSL and digital signatures. It's not only about providing encryption but also about trust, when a top level entity issues a SSL certificate, a number of identity validations are carried out, adding an extra layer or confidence on that website.

This may seem inconsequential for static websites without PII, however most browsers consider it important as it reduces the risk for all parties involved when encrypted communication is used and the content providers has taken basic steps for Identity verification.

There are logic flaws with this approach to security imo, but it's the most commonly used technique at the moment.


you didn't answer the _why do we need all that for a drum beat making website_?


Unauthenticated http is a vector for opportunistic malware. They don’t target specific websites, just inject evil.js wherever.


You ISP sniffing and MiTMing traffic on the wire is the least likely vector of malware injection.

ISP's are usually serious businesses with reputations and don't hack their own customers.


That “usually” is doing a ton of work. I remember Vodafone injecting scripts into webpages many years ago. While trying to find a source, I bumped into other shenanigans.

https://www.simpleanalytics.com/blog/vodafone-deutsche-telek...


Out of all the bad actors on the Internet, your ISP is the least bad.


That’s not a valid defence, it’s moving the goalposts and whataboutism. ISPs shouldn’t be bad actors at all and they have the ability to do the most harm.


Maybe if they live in a high income country with relatively strong consumer protections and are using their home ISP. But quite a lot of the internet is very much not that.

In some places and on some networks, MiTMing http traffic for undesirable use-cases is routine.


At least so that login / register data don't go to the middle man.


You don't. But you will be penalized by Big Co for not supporting https.

(It's effectively a "doing business on the Internet" tax. Thankfully not that expensive for small hobby projects now.)


It's literally $0 with LetsEncrypt.


The real problem with the platform I think is discoverability, and that will get affected more and more with corporate clutches.

However I do agree with your point overall, I'm struggling to see how this will not go the same path in a few years.


I wouldn't say it's an archaic problem, an example I can think of is writing scripts for infrastructure running minimal docker images where you want to keep the image size to a minimum, you would usually need to support both bash and other shells.

Embedded applications come to mind as well.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: