github.com

AoC 2024 Day 02: Red-Nosed Reports; AoC 2024 Day 01: Historian Hysteria;

My work is primarily in Microsoft’s ecosystem, so learning Copilot usage in VS Code is pretty important. If not for my own productivity gains, then for having knowledgeable conversations with coworkers about using LLMs as a SWE. Copilot-Powered Scenarios AI Code Completions I’ve found code completions more distracting than useful. Probably because I already have an idea of what I want to type, and Copilot’s hallucinations slow me down....

tldraw.com’s Take on an LLM Canvas is a library for creating infinite canvas experiences in React. In UX history, chat has tended to precede canvas. From running computers from the command prompt to using the screen as a canvas via a mouse. Mobile phones went from being keypad oriented into a canvas where the finger controls the touchscreen. Where are the canvases for LLMs? Multi-modal models, e....

As the web evolves, where do practitioners congregate and exchange ideas? Working Groups develops standards and guidelines to help everyone build a web based on the principles of accessibility, internationalization, privacy and security. publishes standards and drafts , which are then implemented by browser vendors, e.g., Chromium, Firefox, and Safari. Topics of interest: accessibility, browser, CSS, data, DOM, digital publishing, graphics, HTML, HTTP, internationalization, media, performance, privacy, protocol, security, web API, web fonts, Web of Things (WoT), and XML....

MyNBA is my favorite playing mode in NBA 2K. Starting out as the GM of the Seattle Supersonics in 1983, how well can I steer the franchise? Playing all 82 games per season would need \(82 \text{ games/season} \times 41 \text{ seasons} \times 20 \text{ min/game} \approx 47 \text{ days}\) to catch up to today’s NBA and that’s not accounting for the playoffs. Simulating games is the way to go; might help improve my understanding of the game....

Testing Web Components While any test framework can work, it’s better to test web components in a browser environment because that’s where they’ll be used. Node-based frameworks would require too much shimming of DOM calls that’d make the tests unrepresentative. and are good options for browser-based testing. is powered by ES-build, and so is the client-side of the app; let’s go down this path and see where it leads....

Currently using MongoDB’s free tier, which has shared RAM, and up to 5GB of storage . So far, the overall DB usage has been less than 5MB. Query Injection Current State of Affairs Currently have this protection implemented back in 2018: /** * @description Prevent a NoSQL Injection in the search parameters. This is * achieved by deleting all query values that begin with `$`. */ export function sanitizeQuery(query: any) { const keys = Object....

What automatic tools can I add to keep code quality high? CodeQL CodeQL is a tool that runs variant analysis on code. The idea is that we create a query from a known vulnerability, e.g., SQL injection, and then run it against a codebase to find instances of that vulnerability. GitHub authorizes the use of CodeQL for public repos, and so we are covered . ql-analysis.sh has a recipe for running the analysis locally in the repo....

UI Design Legacy card viewing UI at /browse. This time we’ll use the more semantic and a11y-friendly <dialog> element . Centering it in the page is done by the browser, and that saves us a bit of hassle – thought it would have been feasible with how <search-bar>’s <ul> floats above the page. CardsManager Interface The previous/next buttons make use of the CardsManager object that has the API:...

Syntax Highlighting Previously, we’d highlight code on the client by loading src/lib/highlight.pack.js, a bundle downloaded from but served from our domain, and then execute hljs.highlightBlock on demand, e.g., on page load, when showing a card, etc. This doesn’t work well with a web-component-centric design. Running hljs.highlightBlock through possible Shadow DOM boundaries is a hassle. Back in 2018 , we installed highlightjs, a shim for the official HighlightJS....

When a user lands at /browse, this UI is shown. A couple of components seem to emerge: search-bar, tags-list, card-results, and mini-card. <search-bar> Currently, this is rendered by search_bar_dropdown.ejs, a partial that that is included in both /home and /browse. The fact that there it has JS, no server-delivered content, and has CSS makes it a good candidate for a web component. Revving up search-bar.ts. Ran into Uncaught TypeError: Class constructor s cannot be invoked without 'new' on the export class SearchBar extends LitElement line....

How to handle redirects without setting window.location.href? Right now, there’s a pattern of doing: sendHTTPRequest("POST", "/login/", {}) .then((_) => { window.location.href = "/"; }) .catch((err) => { console.error(err); }); Isn’t this something that the server can do? In response, why not issue a redirect? Screenshot of the redirect chain from /login. The POST request gets a 303 (See Other) redirect to /home. The browser then makes a GET request to /home, which results in a 304 (Not Modified)....

was written in a period when NLP practitioners are producing bigger (# of parameters; size of training data) language models (LMs), and pushing the top scores on benchmarks. The paper itself was controversial because it led to Gebru being fired from Google, following disagreements with her managers on conditions (withdraw, or remove Google-affiliated authors) for publishing the paper. A lot changed since mid-2021, when I initially wrote this page....

#meritocracy #inequality #socioeconomics Our Lot in Life Not recognizing your blessings feeds into the dark side of capitalism and meritocracy: success is a choice, and that those who haven’t achieved success are not unlucky, but unworthy. I’m relatively lucky. I don’t know how much of the techie hubris that I bear. I have unresolved feelings about meritocracy and fairness. Race is usually used as a proxy for bridging the gap, e....

Meta 📑 Instead of changing the data or learners in multiple ways and then see if fairness improves, postulate that the root causes of bias are the prior decisions that generated the training data. These affect (a) what data was selected, and (b) the labels assigned to the examples. They propose the \(\text{Fair-SMOTE}\) (Fair Synthetic Minority Over Sampling Technique) algorithm which (1) removes biased labels (via situation testing: if the model’s prediction for a data point changes once all of the data points' protected attributes are flipped, then that label is biased and the data point is discarded), and (2) rebalances internal distributions such that based on a protected attribute, examples are equal in both positive and negative classes....

Formal Software Design Alloy is an open-source language and analyzer for software modeling. An Alloy model is a collection of constraints that describe a set of structures, e.g. all possible security configurations of a web application. Alloy’s tool, the Alloy Analyzer is a solver that takes the constraints of a model and finds structures that satisfy them. 📑 The Alloy Analyzer leverages a SAT solver, and this precludes Alloy from analyzing optimization problems....

Dependency Management Golang introduced a new library referencing mode to overcome limitations of the old one. While the two library modes are supported by Golang, they are incompatible, e.g. dependency management (DM) issues, reference inconsistencies, build failures, etc. did an empirical study that resulted in HERO, an automated technique to detect DM issues and suggest fixes. Applied to 19k Golang projects, HERO detected 98.5% on a DM issue benchmark, and found 2,422 new DM issues in 2,356 Golang projects....

Debugging 101 Definition? Debugging involves inspecting a program’s internal state. printf Debugging and Logging In printf debugging, one adds print statements and keeps iterating until enough information has been extracted. Using logging has several advantages over printf debugging: varying logging destinations (e.g. standard output, files, sockets, remote servers, etc.); severity levels (e.g. INFO, DEBUG, WARN, ERROR, &c) that support filtering of output; color-coding for readability. Terminals have varying levels of color support: plain color; ANSI escape codes (16 color codes with bold/italic and background); 256 color palette; 24-bit truecolor (“888” colors, aka 16 million, e....

Cross-site Request Forgery (XSRF) <img src="http://bank.com/transfer?from=from_ID&to=to_ID&value=1000"> Because the user is logged in and has a cookie, the victim site trusts the user’s browser. The attacker gets user/browser to execute command on victim site, e.g. request a link, post a form. The command has permanent effects. A frame can navigate its immediate children. Why is it designed such that it can’t navigate its children too? Consider a website with a login frame, where the user inputs passwords....

The Subject The number of words aren’t intuitive to me. Adults tend to read non-fiction at 238 words per minute. So a good test for how appropriate a piece of writing is, “Can the writer cover X in N minutes?” Hugo uses 213 WPM, while Medium uses 265 WPM, suggesting Medium has a bias for skimming over close reading. I wonder if a browser extension that rates the appropriateness of articles given their subject and their word count is a feasible/desirable thing....

Multi-dimensional arrays using massiv; Fusion; Box vs. Unboxed; Connected Components; Data.Set; Monadic map

Day 8 - Advent of Code 2021. adventofcode.com . Accessed Mar 7, 2022. Part I Description You barely reach the safety of the cave when the whale smashes into the cave mouth, collapsing it. Sensors indicate another exit to this cave at a much greater depth, so you have no choice but to press on. As your submarine slowly makes its way through the cave system, you notice that the four-digit seven-segment displays in your submarine are malfunctioning; they must have been damaged during the escape....

This page contains remarks on Haskell that I encountered when working with source files that span multiple AoC 2021 problems. and have Haskell solutions. It’ll be nice to compare how they solved the problems. I don’t want to end up perfecting the wrong approach! Setting Up Haskell Env for AoC To manage dependencies, Cabal and Stack are pretty popular. Stack incorporates the Cabal build system....

Day 1 - Advent of Code 2021: Sonar Sweep. adventofcode.com . Accessed Feb 18, 2022. Part One As the submarine drops below the surface of the ocean, it automatically performs a sonar sweep of the nearby sea floor. On a small screen, the sonar weep report (your puzzle input) appears: each line is a measurement of the sea floor depth as the sweep looks further and further away from the submarine....

Link to Original Video ML Usefulness to a Dev Reduce time spent programming, e.g. manually crafted spellchecker with rules of thumb vs. feeding ML model some examples. How many words are there in English? Is it hard to have a huge set of all the possible words? How do spellcheckers do it? Hunspell is the most popular OSS , and it was being used by Chromium , but on Chromium for Windows, the Windows Spellcheck is used ....

Link to Original Video ML Usefulness to a Dev Reduce time spent programming, e.g. manually crafted spellchecker with rules of thumb vs. feeding ML model some examples. How many words are there in English? Is it hard to have a huge set of all the possible words? How do spellcheckers do it? Hunspell is the most popular OSS , and it was being used by Chromium , but on Chromium for Windows, the Windows Spellcheck is used ....

Problem Statement Let \(d(n)\) be defined as the sum of proper divisors of \(n\) (numbers less than \(n\) which divide evenly into \(n\)). If \(d(a) = b\) and \(d(b) = a\), where \(a \neq b\), then \(a\) and \(b\) are an amicable pair and each of \(a\) and \(b\) are called amicable numbers. For example, the proper divisors of \(220\) are \(1, 2, 4, 5, 10, 11, 20, 22, 44, 55, 110\); therefore \(d(220) = 284\)....