got me thinking that it would be interesting to remove all comments that can't be reproduced by an LLM on a code base with comments stripped out.
If the LLM can produce a similar enough comment from scratch, would it be better to just have an IDE that dynamically injects comments when you need them, as opposed to them being in version control?
One of the stated goals is to have long-term support and maintainability. Adding in a dependency like an IDE is already a large step away from that goal, and to include a dependency on a LLM's non-auditable output actively steps away from that.
Comments in source code are always going to meet the maintainer's intention and will much more likely cover the use cases that comments are meant to cover - unintuitive cases or decisions, unclear algorithms, general usage to point maintainers in the right direction, and so on. More importantly, comments in the source code require no additional tools or other dependencies and as such are more dependable.
Why would I want comments produced by a roll of the dice rather than the human who was in the thick of it?
I would instead be willing to consider some kind of QC assessment. Where does AI think the comment does not match the code because something has fallen out of sync.
I used to live by a busy street in a semi-dense part of town. Cars would be going around 45mph.
When I moved from that apartment after 4 years, I was shocked by the amount of black dust covering everything, from the walls to the shelves and floors. I think it was all tire pollution so switching to 100% electric won't mitigate.
It was pretty shocking and I wondered how much I increased my risk for lung cancer or other cancers.
Man, similar story. Spent a few months next to a mall parking lot with rough asphalt. Apparently the neighborhood had a car drifting crowd, and they'd regularly do so, which made me irrationally angry.
I only realized later that all the black dust everywhere must have been tire particles, when I realized other places DON'T have the black dust. Given the toxicity of tire pollution, it doesn't seem like my reaction was irrational after all. Sucks for all the people that still live there, who may not even realize what's going on.
I was just talking to my wife about playgrounds using shredded tires as the "mulch". I don't know where the rubber comes from, if and how it is cleaned, or what particulate material it carries, but it seems dubious at best.
It's banned for new installs in Europe and existing installations have to be replaced by 2031 [1] - although primarily to get rid of a microplastics emission source. Additionally, shredded tire rubber as infill is investigated for being contaminated with PAH (polycyclic aromatic hydrocarbons) [2].
Personally, I more suspect vehicles. We got a grip on particulate emissions from diesel engines, but brakes and tires still emit fine dust particles. The average one way commute is 30 minutes in the US, so you're breathing in pretty filthy air for an hour a day...
This would be 'pretty easy' to demonstrate by comparing cancer rates by people who live adjacent to busy highways against those who live in rural areas. 'Pretty easy' is always nonsense in observational studies because the confounders have confounders that are confounded by other confounders; even more so for things that are relatively poorly understood, like cancer. But it's at least something that would certainly get (and probably already has been?) funded.
We got at least a link between heavy road traffic and stunted lung growth in children, as well as at least 10% increased lung cancer rates [1]. Additionally, noise from road traffic has been linked to increased rates of cardiovascular disease and mental health issues [2].
Both of these are compounded by the fact that people living next to major roads tend to be poorer, so there is a socio-economic issue present as well.
Hopefully not. I keep the windows up and recycle the air (which should be filtered on its way in anyway). I live a bit closer to the road than I'd like considering the traffic levels though, so even keeping windows open in the house could be an issue.
1. 6PPD (N-(1,3-dimethylbutyl)-N′-phenyl-p-phenylenediamine)
• Purpose: Antioxidant to prevent rubber cracking.
• Danger: When it reacts with ozone and air, it forms 6PPD-quinone, a toxic compound shown to kill salmon and other aquatic life at trace levels.
• Status: Under increasing regulatory scrutiny (e.g., Washington State has started restricting it).
⸻
2. Polycyclic Aromatic Hydrocarbons (PAHs)
• Purpose: Byproducts from extender oils and carbon black.
• Danger: Known carcinogens, mutagens, and endocrine disruptors. Persist in the environment and can leach from tire wear particles.
• Status: Regulated in the EU; linked to air and soil contamination.
⸻
3. Benzothiazoles (e.g., 2-mercaptobenzothiazole)
• Purpose: Vulcanization accelerators.
• Danger: Toxic to aquatic organisms, possibly carcinogenic, and bioaccumulative.
• Status: Found in tire leachate and considered a contaminant of emerging concern.
⸻
Nothing definitive about harm to human welfare yet, as far as I know.
"When tires wear on pavement, 6PPD is released. It reacts with ozone to become a different chemical, 6PPD-q, which can be extremely toxic — so much so that it has been linked to repeated fish kills in Washington state.... Testing by a British company, Emissions Analytics, found that a car's tires emit 1 trillion ultrafine particles per kilometer driven — from 5 to 9 pounds of rubber per internal combustion car per year....
a team of researchers, led by scientists at Washington State University and the University of Washington, who were trying to determine why coho salmon returning to Seattle-area creeks to spawn were dying in large numbers.... in 2020 they announced they'd found the culprit: 6PPD....
Tests by Emissions Analytics have found that tires produce up to 2,000 times as much particle pollution by mass as tailpipes."
My (wealthy) high school had a "turf" field which uses little rubber pellets as the "dirt". Those were probably shredded tires too. During football season you would see them tracked around the school, and if you were a football player or in the band they would show up at your house.
Also, they would periodically dump "more dirt" onto the field, once every year or so. Not sure if they vacuumed the old stuff up or just dumped more on top, but sometimes you would go out there and there would be a huge pile of rubber in the middle, which I guess got spread out later.
Where I live during the Rugby and Soccer seasons it's not uncommon for the 'normal' pitches to be unplayable due to consistent periods of rain.
A number of schools, and public facilities, near me have switched to plastic pitches for this reason. I'm not advocating for them but there is a rationale.
BTW it's not just that being very muddy makes it difficult to play on but that using the pitch in that state trashes the grass.
The lungs are exposed to air, but they're also exposed to a lot of bloodborne compounds, since a full vascular cycle goes through the pulmonary arteries.
The null hypothesis is "it's something in the air", but with the increase in non-lung cancers in young people[1] noted over the past decade, it's entirely possible it's something else, and lung tissue is one of the susceptible ones to whatever it is.
This might actually be brake dust. In that case, the situation most likely will be improved by electric cars because they use their brakes far less often, decelerating with their motors.
Brakes are only part of the problem unfortunately.
> Resuspension of dust already on the road’s surface is the most significant contributor to non-exhaust PM by far, however these particles are difficult to characterize and manage because they could come from anywhere before landing on the road. Brakes are the next most significant source, and may also be particularly hazardous because of their small size and high metal content. Tires contribute the least, but they release large amounts of particles which act as microplastics in ecosystems.
I've heard that regenerative braking helps, but the relatively higher mass of an electric car (because of the battery) hurts. I wonder how it adds up in terms of brake dust produced.
My EV is around 25 % heavier than comparable ICE vehicles, but it only uses the disc brakes to stop the car from walking pace and hold it in place. I wouldn't be surprised if the amount of brake dust was less than 5 % of what my previous car emitted.
But then you have much more tire dust, since it rises rather exponentially and not linearly with mass of the vehicle. Overall more health-friendly but not as much as people (owners) like to think.
And it could be both tire dust and/or brake dust are indicators of proximity to combustion engine exhaust. Any individual or combination of those could be an increased cancer risk. But only the dust is immediately visible and leaves behind a tangible trace.
Yeah there's a lot of stuff comes off tyres, and EVs still have that. They also produce brake dust, although maybe less of it because of regenerative braking.
But they do have no tailpipe emissions, so they're still kicking out a lot less air pollution than a combustion-fuelled vehicle with not just the carbon dioxide but the myriad of pollutants which lower urban air quality so much.
Ultimately, a less dusty tyre would be a good thing, but the significant impact we can make now is to continue the EV transition knowing that like all solutions it's imperfect and we also need to use fewer vehicles and keep looking for better options.
I don't doubt a significant portion was tire and brake dust, but even gasoline and diesel can emit a significant amount of soot and unburned hydrocarbons.
To the point of the article: A lot of Quakers don't label their worship as meditation. The point of Quaker worship is to open your heart to "listen". The point of meditation is often mindfulness. There is some overlap but I think it is a different end from similar means.
Another contrast is that Quaker worship is done in a community looking inward towards the center of the room; Zen meditation, when done in a temple, is done looking at the wall. For me this is a contrast between the Quaker "Society of Friends" and Zen, which can be done in isolation.
Quakers for me have a special place in my heart.
I'm a bit sad that in California there are very few Quaker communities when compared to Buddhist or Zen communities. The Quaker communities that do exist seem to be hanging on from the counterculture movement several decades ago.
I've attended a Quaker community for the past couple of years and sadly it is dying out. Almost all of the members are past 60 y/o and almost zero young adult members or younger members attend.
I think the Quaker philosophy is powerful and unfortunately I believe it has led to its downfall. The lack of creed and resistance to structure makes it hard for new members to feel comfortable and makes it easy to be more casual about your membership. This leads to people just dropping out.
Also, the structure of Quaker practices can seem off-putting for people from more conventional religious backgrounds. For example, Christmas "celebrations" are done entirely in silence from the moment you enter to when you leave. This is a staggering contrast to almost every other celebration. (Also, in contrast to most of Christianity, a lot of Quakers don't believe Jesus was "holy" but rather an ordinary man who was more in touch with the "light", underscoring the intensity of their egalitarian beliefs.)
I think Quaker has a branding problem. People think of Quaker Oats or Amish. (Amish have nothing to do with Quakers.) Zen is more trendy and "mystical". If Quakerism was "rebranded" a lot more people would be attracted to it.
My heart yearns for more Quaker communities. It's so sad to see them die out.
Have you attended recently, as in the past few months? Maybe our meeting is special because it's Berkeley, but we have a solid core of young people regularly attending. I was on Nominating Committee last cycle, and we've gotten a number of Young Friends, where in the recent past it's been pretty much aging members.
You might be right about rebranding, but to me a lot of what appeals is the focus on the substance rather than perceptions.
> I think Quaker has a branding problem. People think of Quaker Oats or Amish.
The Quakers, like many minorities, face other people who know next to nothing about them claiming them as mascots. Quaker Oats are called that not because of a special Quaker fondness for oats or a cultural association between Quakers and oats but because General Mills thought the image would be good for their brand. If they were selling socks or buckets, they would have slapped that Mona Lisa-esque visage on those products. I have heard there was a particular Quaker mill owner whose likeness they used. I'm sure his quaint, 18th or 19th century attire, and the presence of Amish in Pennsylvania, are why people think there's some connection between the two religions. (Also, both are peace churches, but Baha'i and Jains are also pacifists and people don't confuse them with Quakers.)
In Pennsylvania there's a business of some sort called "Quaker Steak and Lube". The Quakers I know -- and I grew up among them in a large, well-connected Quaker family -- have no salient connection to either steak or lube. It's just that back in the mists of time Quakers founded the state which others now thoroughly control and some businessman in Pennsylvania thought it would be funny to slap their name, initially invented as a slur against them, onto his business.
So Quakers have two branding problems: people don't know their brand and they do know other people's brands that pretend to have some association to them.
About Quakers withering away, I do see a lot of agèd Quakers. The group that meets near my house is pretty old. But there are still Young Friends groups that are thriving, Quaker summer camps (full of non-Quakers), and such. Quakers probably are fading away, as most non-rightwing religions are, but I don't think they're a special case. At least they still believe in procreation, unlike the Shakers.
You don't need to store anything on the server. Cookies for that domain are sent with the request and it is enough for the server to check its cookie with the CSRF request data.
Browsers would send the bank.com cookies with the bank.com request. It is security built into the browser, which is why it's so important to use secure browsers and secure cookies.
If the malicious user convinces the user to use an insecure browser you can circumvent CSRF, but at that point there are probably other exploits you can do.
> How does the server know the cookie is valid if it doesn't store it
Depending on why you're asking the question:
* because it decrypts correctly
* because it contains some user identifier
People don't usually store sessions in cookies because cookies can't be very big, and sessions do become big. So what people do instead is they store cookies in databases, and put session identifiers into cookies.
How does the server know the cookie is valid if it doesn't store it, and how does it know the CSRF token is valid if it doesn't store it, and finally how does it know that this CSRF token relates to this cookie session token if it doesn't store it?
The CSRF token can have nothing to do with the cookie session information. You can store CSRF as a separate cookie.
You can validate the CSRF is valid by keeping a key on your server and matching that the token you get can be derived from that key.
See Django's implementation of CSRF for more details. CSRF tokens are separate from session and no CSRF information needs to be stored in database to validate CSRF.
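The stateless check discussed in the comments above (a server-side key against which the token is verified, with the token carried in its own cookie), as an added example that is not part of the original thread and is not Django's code. The function names, the token layout and the choice to bind the token to a session identifier are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a single secret known only to the server (loaded from config
# in a real deployment). Nothing per-user is stored server-side.
SERVER_KEY = secrets.token_bytes(32)


def _mac(key: bytes, session_id: str, nonce: str) -> str:
    # Length-prefix the session id so (session_id, nonce) pairs cannot be
    # re-split into a different pair that produces the same MAC input.
    msg = f"{len(session_id)}:{session_id}:{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Build 'nonce.mac'. The same string goes into a CSRF cookie and
    into the page (hidden form field or custom request header)."""
    nonce = secrets.token_urlsafe(16)  # URL-safe alphabet, never contains '.'
    return f"{nonce}.{_mac(key, session_id, nonce)}"


def verify_csrf(session_id, cookie_token, submitted_token,
                key: bytes = SERVER_KEY) -> bool:
    """Validate a state-changing request without any server-side lookup."""
    if not cookie_token or not submitted_token:
        return False
    # 1. Double submit: the value in the request body/header must equal the
    #    value in the cookie. Another origin can make the browser send the
    #    cookie, but it cannot read it to copy it into the request.
    if not hmac.compare_digest(cookie_token.encode(), submitted_token.encode()):
        return False
    # 2. Authenticity: the token must have been derived from the server key.
    #    This rejects a cookie/field pair invented by someone else.
    nonce, sep, mac = cookie_token.rpartition(".")
    if not sep or not nonce:
        return False
    expected = _mac(key, session_id, nonce)
    # 3. Binding: the MAC covers session_id, so a token issued for one
    #    session does not validate for another.
    return hmac.compare_digest(mac.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    token = issue_csrf_token("sess-alice")
    print("legitimate request:", verify_csrf("sess-alice", token, token))
    print("cross-site request (no token in body):",
          verify_csrf("sess-alice", token, None))
    planted = issue_csrf_token("sess-mallory")
    print("token from another session:",
          verify_csrf("sess-alice", planted, planted))
```

Binding to the session identifier is optional for the basic double-submit check; it is included here because it answers the question of how a token can be tied to a session without the server storing it.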
I like to tell people if you go to a carpenter to build a table, you'll get a wooden table. If you go to a stone cutter, you'll get a marble table. If you go to a welder, you'll get a metal table.
The trick is to know who to go to get what you want. In the USA with PPO there is generally zero friction to just making yourself an appointment with a speciality doctor and that specialty doctor will use his "toolbox" to create the outcome that you came to him and paid for. If you go to a psychiatrist, well their tool is prescription medicine, so that is what they'll use.
This sounds like common sense, but I think the population at large places too much trust in the doctor. In the US you have to be your own advocate.
An idle idea I’ve had is that the healthcare bureaucracy in the U.S. can get so bad that one wishes one can hire a lawyer-type of role to navigate it as a paperwork proxy of sorts. But perhaps greater scope is needed- a personal medical advisor who has the domain knowledge, while being independent of the incentives that drive others in the health system.
I suppose in the past that would just be your family doctor, wasn’t it.
In California (and I would have guessed nationally) at least you do need a long-form test in order to get a controlled prescription like Adderall. But the test is more of a "video game" style that tests your attention.
I remember there was a Soviet practice of cutting records into old XRays (called "ribs") as a way to bootleg them. I think those cutting machines were made from retrofitted old phonographs.
For black market uses, the consumers were probably willing to bear dreadful audio quality. For a modern aficionado, the quality must be good enough to give some justification for the endeavor.
In the soup story the villagers freely gave up their carrots and onions and the travelers didn't give any guarantees that they wouldn't be consumed.
In the AI analogy, it is a bit closer in my mind if the travelers would say "Don't worry your onions and carrots and garnishes won't be consumed by us! Put them in the pot and we will strain them out, they are still yours to keep!"
We, the villagers, are dumping our data into the AI soup with a promise that it won't be used when we are using the API or check a little "private mode" box.
The analogy breaks down because physical property and intellectual property are different.
When we input creative works into training sets, we do not withhold those works from someone else! Digital copies are different than scarce resources. *
Also, all the AI ToS I've read have stated they will use my inputs to improve their services. I haven't seen an AI service state they won't use my inputs.
The analogy is perfectly apt. When an AI is trained on work that you've produced, it steals your effort - your work and effort and sweat has been taken by the model and its users.
...unless you think that your employer should be able to withhold wages from you because there's no "physical property" that you've provided to them.
It would be more accurate to imagine a version of the tale where the stone soup chef rifles through people's houses to collect ingredients without permission (if they were against it surely they would've opted out of his services and obtained guard dogs?), and then opened a stand to sell the soup in the town square at premium prices while tainting the wares of his fellow vendors with his leftover slop.
Literally all “promises” mean nothing unless backed up by force.
The government was a nice backplane to ensure that, but now that its decisions are unreliable, all interactions with other parties are under these natural law rules.
I don’t think this being AI really changes the deal given that starting situation
Many social conventions are less implemented by force than by withdrawal of cooperation. That's an aggression, but of a very mild form, but regardless one which is remarkably effective without requiring an offensive stance or the risks concomitant to same.
Psh, the companies are freely giving up the data. It is unmentioned where the villagers got the carrot initially, maybe they also stole it from the library or promised their users the carrot would not be eaten. Lol
> Note that this graph is generated remotely with the contents of your `tach.toml`
Isn't shipping off parts of your codebase to a 3rd party without warning in the CLI a security risk? Or in regulatory environments you get audited that your code was only stored on properly vetted services which is why some sales cycles for AI coding assistant tools are so long. It would be kind of frustrating to have something like that happen and get set back on licensing, etc.
Just from the video there doesn't seem to be any sort of warning that you are shipping config files to your servers, and the URL that you produced doesn't seem to have any authentication.
Maybe I am misunderstanding that functionality, but it gives me pause to use it.
In short, we want to make the visualization UX as smooth as possible, and this is best done with a web app. The URLs use UUIDs, and the contents being sent don't include literal source code, only module names and Tach configuration. We will also delete graphs by UUID on request, and have done so in the past.
That said, we do try to be up-front about this, which is why that disclaimer exists, and when running this command on the CLI, you must supply an explicit `--web` argument to `tach show`. Otherwise, the default behavior is to generate a GraphViz DOT file locally.
I’m mostly kidding but incidentally PHART was born in order to visualize Python dependency graphs in-line in 7-bit ASCII because I wanted the functionality in my dependency analyzing code summarizing concatenator tool I was using to aid in pair-programming with ChatGPT and Claude when codebases started outgrowing useful context lengths.
That tool is here https://github.com/scottvr/chimeracat/
(it is nowhere as slick-looking as OP’s app, but also that is by design.)
The first time someone in public said they were curious to see the chimeracat output for his company’s codebase was also the first time I considered “wow.. how do I make sure people know they can trust chimeracat isn’t stealing their code?” and started thinking of ways to give people that surety and safety for any app, because I realized that though it was my first time to think about how “code analysis” tools like this, or even linters, prettifiers, etc. are a fertile ground for subterfuge and espionage, it was no doubt not the first time the thought had occurred elsewhere, and likely to at least a handful of folks who would (and no doubt are) putting such tools out there in the wild.
> you could always write a GUI app. it's not that hard for such a self-contained project
Beautiful HN comment. They might simply be familiar with web apps and want to focus on the part that provides the most value to users.
The external network requests are optional. It can run fully locally.
They’re a tiny startup that just launched, trying to ship something that helps people. Building a native app is not the most impactful thing they could spend their time on.
Why not just let users run the web app locally? There's no reason it needs to be remote.
Also, the mere fact that it sends any data, no matter what you say it contains, is a non-starter at many places. And even module names can contain proprietary data.
I can understand the frustration, but I think there are legitimate reasons to run this remotely.
Tach is an installable Python package, shipping a full web app would have to come in a separate form factor and has significant maintenance implications. Given we are explicit about the remote app before anything is sent, require explicit opt-in, and we provide usable alternatives locally, we prioritize shipping a useful graph experience that is immediately usable.
If you are at an enterprise that cannot tolerate this, then you can use a local viewer with either GraphViz DOT format or Mermaid which is generated by using `tach show` or `tach show --mermaid` respectively.
I appreciate the attempt but the reasoning of "it requires maintenance" is entirely moot. You have to do this regardless. It's just whether or not you publish it open-source. You are still saying, internally, this is good enough for customers, when you push it out.
This is a (very) thinly veiled attempt at a closed garden of sorts, IMHO. It's a "clean" excuse for not giving away the milk for free, but it falls short on actual reasoning.
Looking at the license (MIT) we already got much more than what we paid for and the authors don't "have to" do anything but accept thanks of those who chose to be grateful for software they got for free.
This. It's ridiculous how often people complain about the design of free software. If you don't like it, just don't use it! Use something else! Build your own! Or fork it to work in the way you described that you'd prefer - you can do that yourself if you really want since the source is available.
It is totally valid to tell people not to criticize a project offered by someone who made it for themselves or wants to offer the value to the public but doesn't have the resources to do everything perfectly. But this is not that, and I don't see a non-profit org behind it, so it appears to be something that is being offered on a quid pro quo basis. Thus we need to figure out where the value is being extracted and if the devs are cagey about it, that rings alarm bells.
The default of the command is to generate locally. They don’t need to open source an entire web app. It’s easier to deploy themselves than deal with the burden of open sourcing and maintaining.
This isn’t some conspiracy. It’s a tiny startup trying to ship something useful.
I think you misunderstand my comment. I was addressing whether or not it can be appropriate for someone to question an aspect of an open source project, and not whether this project was part of a conspiracy.
Since you’re being somewhat brigaded by the “everything local!” mob, I just wanna say that this all sounds completely reasonable to me. Some people hate being told that their demographic just isn’t currently being catered to exactly in the way that they want. I’m sure that these people working on things so utterly Top Secret can wait a while for your new little tool to support them. They’re just mad they can’t use it at Meta or whatever.