|
There are several consumer-owned helicopters in my area. They fly them to/from work, other towns, sporting events, etc. Convenience, yes, but also a bit of "I have money and I'm going to show it" type of thing.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
Helicopter's are fascinating when I lived in the Grand Canyon National Park for 8 years I became friends with a number of helicopter pilots. One of the most fascinating pilots was the fellow who flew the rescue chopper for the Park Service. My two close friends that were former Vietnam Warrant Officers started a helicopter tour company. The fellow who flew for the Park Service was not a Park Service employee. And they both told me he was quite the legend as he flew diamonds in New Zealand. Seems he would on occasion encounter pirates that would try to bring his bird down. Because he lived outside the park the Park Service Paramedics complained he was not ready to go when they got to the heliport.
NOT TRUE he was always sitting in the bird rotors turning ready to go.
One day he had enough of the complaining. So the correct procedure to descend into the canyon is hover over the area to land and spiral down. Well he told the paramedics to hang
on. Trust me you do not do this! He got the bird over the canyon and rolled it in.
That ended the complaining!
Side note every Saturday I flew to Hualapai Reservation with my Warrant Officers friends who had a contract to fly the Hualapai in and out of the canyon with their grocery's
|
|
|
|
|
|
I am thinking about using a static code analysis to identify security vulnerabilities as I and my team write code. (Like Sonar lint but for security).
I have come across some extentions like
Security code scan[^] or Synk Security[^].
Do you have any experience with such extensions?
If yes do you think they are useful?
Do you have other recommendations?
|
|
|
|
|
You do know that Sonar can help identify security vulnerabilities don't you? If you're using Visual Studio, you can also use security analyzers to help detect OWASP errors. To be honest, and I speak with a lot of experience in this area, SAST can be more dangerous because it gives you a false sense of safety. All SAST tells you is that the code you checked in doesn't have a vulnerability. It's not that great at determining that a dependency of a dependency of a dependency has a known vulnerability, or that you have an unpatched container or OS vulnerability. You need to consider security as a top to bottom thing, so you would be looking to leverage SAST, DAST (the dynamic version of SAST), IAST (the infrastructure version), and so on.
|
|
|
|
|
|
We forced to use Checkmarx One - the most annoying thing is that 90% of the 'findings' are BS... For the first time - after that it is 100% BS (if you fix the real problems)
"If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization." ― Gerald Weinberg
|
|
|
|
|
I can recommend the free OWASP Dependency-Check.
I found Snyk disappointing, for .NET it only scans NuGet packages and ASP.NET applications are automatically marked as "high security risk".
|
|
|
|
|
GKP1992 wrote: static code analysis...If yes do you think they are useful?
No.
At best it might help junior developers.
At worst it makes senior developers think that is all or even most of what is needed. Or even significant.
|
|
|
|
|
I have experience with Sonar lint and so far I find it pretty annoying.
Lots of annoying micro (more like pico) performance recommendations: use Count/Length > 0 instead of Any() or use TrueForAll instead of All (TrueForAll didn't even exist when I wrote this code).
Sometimes it wants me to make code less readable by changing foreach (var something in somethings) { something.Whatever... } to foreach (var whatever in somethings.Select(s => s.Whatever)) { whatever... } (which kind of negates the prior performance recommendations).
On very few occassions it gave me recommendations that changes the meaning of the code and one time even to code that didn't compile.
I've seen lesser programmers changing JavaScript code to the latest greatest that wasn't supported in client's browsers because Sonar lint told them to.
I've tried hiding some recommendations, but can't get it to work (in the free version).
I haven't seen really good suggestions.
|
|
|
|
|
We use Veracode here. It seems to be pretty good at scanning your .NET code and suggesting how to fix it. I know it scans other languages, but we only use it for .NET.
Bond
Keep all things as simple as possible, but no simpler. -said someone, somewhere
|
|
|
|
|
Wordle 1,067 4/6
⬜⬜⬜⬜⬜
⬜⬜🟨⬜🟨
🟩🟨🟩⬜⬜
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 1,067 3/6*
⬜⬜🟨⬜⬜
⬜🟨🟩🟨⬜
🟩🟩🟩🟩🟩
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Wordle 1,067 4/6
⬜⬜⬜⬜⬜
🟨⬜🟨🟨🟨
⬜🟩🟩🟩🟩
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 1,067 4/6*
⬜⬜⬜⬜⬜
⬜⬜🟨🟨🟨
⬜🟩🟩🟩🟩
🟩🟩🟩🟩🟩
Happiness will never come to those who fail to appreciate what they already have. -Anon
And those who were seen dancing were thought to be insane by those who could not hear the music. -Frederick Nietzsche
|
|
|
|
|
Wordle 1,067 5/6
⬜🟨🟨⬜⬜
⬜🟨⬜🟨🟨
🟨🟨⬜🟨⬜
⬜🟨⬜🟨⬜
🟩🟩🟩🟩🟩
Isn't this a proper noun?
|
|
|
|
|
|
Not a considered old persons game
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
|
|
|
|
⬜⬜⬜🟨⬜
⬜🟩🟨⬜⬜
⬜🟩🟩🟩🟩
🟩🟩🟩🟩🟩
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
|
|
|
|
Wordle 1,067 5/6
⬛⬛🟨🟨⬛
⬛🟨🟩⬛⬛
⬛🟩🟩⬛🟩
⬛🟩🟩🟩🟩
🟩🟩🟩🟩🟩
Ok, I have had my coffee, so you can all come out now!
|
|
|
|
|
Wordle 1,067 X/6*
⬛⬛🟨🟨⬛
⬛⬛🟨🟨🟨
⬛🟨🟨🟨⬛
⬛🟩🟩🟩🟩
⬛🟩🟩🟩🟩
⬛🟩🟩🟩🟩
|
|
|
|
|
And I think I found my most ambitious idea yet.
Training models to make LLMs spit out code for input specs where the code loops hand written.
So like parser generators.
DAL generators
etc.
Different model for each. Each model comes in a nuget package along with a C# source generator that invokes it.
The only thing is it will require hosting your own LLM. I have two 4080s across two machines, so it's not a problem for me - part of why I bought them, but I wonder how practical it is in general.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
honey the codewitch wrote: I have two 4080s across two machines, so it's not a problem for me - part of why I bought them, but I wonder how practical it is in general.
While it might work, I suspect that at the current state of the art it would not be cost-effective. The costs of hardware, collection of training data, classification of the training data, etc. are likely to be more expensive than the time that you'd save on the coding.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
I mean that I intend to release nuget packages with pretrained models, integrated as C# Source Generators that prompt a local LLM, trained with a (relatively) small model to undertake a specific type of coding task, like generating a parser given a context free grammar.
I am not looking to make an all purpose code generator or anything like that.
My interest is in code synthesis by which I mean generating "hand written" code.
The differences between a generated parser and a hand rolled parser are far deeper than basic cosmetic. The details of how they work are different, even if the principles are the same. Mainly a generated left recursive parser with fixed lookahead will always greedy match. A left recursive descent parser such as hand rolling would produce can switch between lazy and greedy matching, leading to more efficient and often much smaller code.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
nuget packages - pretrained models - LLM - coding task - generating a parser - context free grammar ...
Perfect candidates to extend the Word List in the Makebullshit - Tech Bullshit Generator[^]
This wonderful site is not updated yet with new AI buzzwords. Maybe it's time to do this.
|
|
|
|