Konstantin retweeted
imagine if this technology fell into the wrong hands and foreigners could just one shot beige crud apps at will
Last RSI hurdle is running pest without coverage
RSI-capable fable still can't solve running pest --without-coverage if the error says 'no code coverage driver available'
doesn't even say "thanks"...
Konstantin retweeted
If you believe in the singularity, You are exit liquidity btw Have fun
While it’s true that LLMs can do basically all coding, they definitely do hallucinate. The analogy isn’t “the car you have doesn't exist”, it’s “cars are still an unreliable technology sometimes and you need to have technical expertise to tune them so they don’t break as often”.
I have said this before, but to those of us using AI systems to get lots of work done reliably and quickly, the people who post online about how AIs still hallucinate constantly, about how they can’t write code, etc., seem equivalent to people trying to convince you that the car you drive to work every day doesn’t exist. You tell them things like “but I drive a car. I paid money for it. I buy gasoline for it. I could not possibly be working twenty miles away from home if I didn’t have the car?” and they reply that you are imagining having a car, or that you’re lying because you work for a car company. It is as though these people live in a completely different reality.
Your perception of LLM reliability is shaped by:
- how well what you are doing is represented in training data
- how deep your (technical) expertise in that domain is
- how much you care about the system staying maintainable
- how you drive your LLM: /goal or scoped chunks of work, giving it the tools it needs to get real world feedback
Composer/packagist version immutability update is finally live 🚀
Also, non packagist sources can change!
Konstantin retweeted
Replying to @ThePrimeagen
The last thing you should trust an SWE with is estimations
Top indicator
My biggest investment mistake was investing like I was 50 when I was 21.
We won't need it for long, but for anyone wanting to secure their composer based projects against
1. Normal Supply Chain Attacks
2. Supply Chain Attacks that change historical releases

You can use our composer plugin that allows you to set a min release age & will find if a version in your composer.lock has maliciously changed since you installed it!
Konstantin retweeted
I've got an agent in a loop optimizing a renderer with the goal to minimize frame times (and tests to measure). It got times down from 88ms to 2ms and allocations down from ~150K to 500. Sounds good, right? Wrong. This is exactly why agent psychosis is a big fucking problem.

As an experiment, I rewrote the Ghostty core render state in Go, with access to identically laid out data structures as Ghostty and the exact same validation tests. I made a purposely naive renderer (simple, correct, but slow). 88ms per frame with 150,000 allocations (horrendous, lol)!

I then kickstarted a Ralph loop to bring the frame times down. I told it it can't modify input data structures or the public API or tests (they're correct), but it can do anything else it wants. It got to work. It has worked for about 4 hours. I've spent around $350 on this experiment so far.

The results?

88ms => 1.5ms
150K allocs => ~500 allocs

Incredible right? Nope. My hand-written renderer I ported has frame times (same benchmark) of ~20us (0.020ms) and 0 allocations in the update path.

This is the problem with psychosis and lacking systems understanding. If you don't understand the system, you're going to accept that this is an incredible result. If you understand the system, you'll see better solutions immediately and can do roughly 75x better on throughput.

The people who blindly trust agent output are in the former camp. They're sheeple, overdrinking from a fountain of mediocrity.

Standard disclaimer: I use AI all the time. I like AI. The point I'm making is to not blindly accept results. Think. Analyze. Learn.
Konstantin retweeted
For the past month, codexui-android, an npm package with 27K weekly downloads, has been silently exfiltrating OpenAI Codex auth tokens on every startup. It reads your full auth.json and ships it to an attacker server disguised as Sentry telemetry, including refresh tokens, which don't expire. The malicious code was never committed to the GitHub repo, only published to npm. Our research team discovered the malware and wrote an analysis on it: aikido.dev/blog/codex-remote…