@sturobson I’m more of a back-end and systems person, so it’s always good to know someone to refer front-end work to!
Business-First Technology & Cybersecurity Leader ✪ Hands-On Technologist ✪ Rubyist ✪ Agile Champion
We're excited about the new release, Crystal 1.16.0!
https://crystal-lang.org/2025/04/09/1.16.0-released/
Look out for some potentially breaking changes related to bug fixes in `File.match?` patterns and parsing a request string that looks like a URL in `HTTP::Request.new`.
This release brings Execution Contexts (RFC 0002) as a preview feature, please give it a try!
The Rails 8 Way by Lucas Dohmen, Tom Henrik Aadland, and Obie Fernandez is on sale on Leanpub! Its suggested price is $49.00; get it for $16.80 with this coupon: https://leanpub.com/sh/EFMyT7Ve #RubyOnRails
@elementary tl;dr I support your objectives, and kudos on the goal, but I think you should monitor this new policy for unexpected negative outcomes. I take about 9k characters to explain why, but I’m not criticizing your intent.
While I am much more pragmatic about my stance on #aicoding this was previously a long-running issue of contention on the #StackExchange network that was never really effectively resolved outside of a few clearly egregious cases.
The triple-net is that when it comes to certain parts of software—think of the SCO copyright trials over header files from a few decades back—in many cases, obvious code will be, well…obvious. That “the simplest thing that could possibly work” was produced by an AI instead of a person is difficult to prove using existing tools, and false accusations of plagiarism have been a huge problem that has caused a number of people real #reputationalharm over the last couple of years.
That said, I don’t disagree with the stance that #vibecoding is not worth the pixels that it takes up on a screen. From a more pragmatic standpoint, though, it may be more useful to address the underlying principle that #plagiarism is unacceptable from a community standards or copyright perspective rather than making it a tool-specific policy issue.
I’m a firm believer that people have the right to run their community projects in whatever way best serves their community members. I’m only pointing out the pragmatic issues of setting forth a policy where the likelihood of false positives is quite high, and the level of pragmatic enforceability may be quite low. That is something that could lead to reputational harm to people and the project, or to community in-fighting down the road, when the real policy you’re promoting (as I understand it) is just a fundamental expectation of “original human contributions” to the project.
Because I work in #riskmanagement and #cybersecurity I see this a lot. This is an issue that comes up more often than you might think. Again, I fully support your objectives, but just wanted to offer an alternative viewpoint that your project might want to revisit down the road if the current policy doesn’t achieve the results that you’re hoping for.
In the meantime, I certainly wish you every possible success! You’re taking a #thoughtleadership stance on an important #AIgovernance policy issue that is important to society and to #FOSS right now. I think that’s terrific!
@Catawu @briankrebs I’m not really interested in their frame of reference or what they think about the people impacted. That’s not because I don’t care, but because I think it's irrelevant to the deeper underlying issues.
I’m actually more interested to what extent this situation may violate #HIPAA and other #patientprivacy laws. Part of the functional challenge in what is currently going on at the federal level is that many privacy and #healthcare safeguards such as HIPAA are a complex mixture of laws passed by Congress and regulations defined by the executive branch to implement those laws.
I am not a lawyer, but I do deal with #privacyregulations and #regulatorycompliance issues professionally. To the extent that the administration is arguing that they have constitutional authority to make changes to the implementations developed and overseen by the executive branch itself, the extent of what is being done seems unprecedented but may not be illegal per se. I am not qualified to make that determination, but I think it's the foundational question that needs to be asked.
On the other hand, the parts of HIPAA and other federally-enacted laws regarding #healthcare and privacy are in fact laws established within our country’s constitutional framework. The executive branch can’t simply wish clearly-established laws into the cornfield. Unfortunately, many laws leave a great deal of the implementation details—whether unintentionally or through deliberate delegation—to the executive branch, the states, or various regulatory agencies. In turn, many of those regulators also operate to one extent or another under the executive branch, and that further complicates the picture.
Many federal laws leave a great deal of wiggle room for interpretation to the executive and judicial branches whether or not by design, but congressionally-enacted laws and protections provided by the Constitution itself cannot simply be ignored. While there's definitely a difference, separating a "law" from the "regulations" that implement that law isn't necessarily a simple exercise.
The real challenge is that our republic was designed as a Venn diagram of overlapping roles, responsibilities, and authority that were meant to operate in a state of carefully-balanced tension. The republic's framework has never been tested this broadly within my lifetime, if ever. Even though how our three branches of government should work is material covered in any decent high school civics class, the complexity of statutory vs. regulatory authority requires legal and Constitutional scholarship that is more than the average citizen can bring to bear on the matter. I'd like to think I understand these issues better than most—and I certainly have my own personal and professional instincts about what's right and wrong—but I wouldn't dream of claiming to understand all the nuances involved.
Professionally, I am taking a deliberately apolitical approach to what is a very legitimate set of questions about constitutional authority. Likewise, my apolitical but professional experience tells me that there is entirely too much gray area around the constitutional and legal topics to determine with certainty what is legal as opposed to what is moral or ethical. In my professional experience, what is right and what is lawful aren't always the same.
Unless society as a whole is willing to revisit some of the underlying assumptions collectively made over the past several hundred years about the differences between legislative laws and the administrative regulations that implement them, this problem is unlikely to go away anytime soon. In fact, it is likely to spread to other areas with similar gray areas. As an argument by analogy, the current legal mess around #copyright and #LLM training may be similar in terms of being pure sophistry where the term "fair use" is clearly being used in an intellectually dishonest way, but apparently it's far enough into the gray to pass legal muster right now. Decades or centuries of legislative layering have led to a legal framework that never envisioned modern realities. Revisiting and revising centuries of legal accretion would require a strong moral compass, a great deal of political courage, and in-depth analysis by legal and constitutional scholars (among others) in order to address the very real institutional unraveling we're observing.
Sadly, in a society that frequently classifies expertise as “elitism” such a brutally honest conversation is unlikely to happen soon. A broad reconsideration of how our republic was designed to function and a hard look at how it actually functions would require high levels of both personal and political courage. It's even less likely to be rapidly prioritized without sufficiently clear political self-interest from a majority of those with the remaining authority to materially affect the outcome.
What I’ve said may strike some as political opinion rather than strictly analytical observation. However, my statements are deliberately based on well-established sociological and psychological norms rather than current politics. I feel confident in asserting that the likelihood of Congress or the Supreme Court—much less the general public—addressing these things effectively in the near term is essentially zero. For any elected or appointed official acting alone, the risk of asserting constitutional prerogatives vastly exceeds both the collective will of their respective institutions and the already-ceded institutional powers required to do so effectively.
I will be moderating an executive round table via Zoom from 3:00-4:30pm US/Eastern tomorrow for The Ortus Club. The topics are ones I’m always passionate about: #cybersecurity & #businessresilience.
This is a peer-driven round table. No one’s pitching anything. The goal is to bring a broad spectrum of industry luminaries together to share their experiences, insights, and collectively brainstorm about ways to future-proof our security strategies.
The round table is open to IT & cybersecurity leaders in North America. Space is limited, but there are still a few no-cost seats remaining for the #thoughtleaders in my extended network. You can sign up at the link below, but the clock is ticking.
No matter how well-attended these events are, it’s always more fun with a friendly face or two in the crowd. I hope yours will be one of them, and look forward to seeing you there!
@Linux I find the character limit in some sites too small, too. Infosec.Exchange has a 10k limit, but its local feed topics may not suit your needs, and I haven’t checked where .exchange is hosted because that’s not one of my core criteria.
Still, I like the site for the extended capabilities and it’s got a great community. Your mileage may vary.
@Linux I do the same, but for topic focus. I use ruby.social for #RubyLang & other software- or developer-adjacent stuff; I post about #cybersecurity & non-dev #AI topics on infosec.exchange. I cross-link verified accounts to assure followers they're all really me, but that's a personal choice.
Who cares if you use multiple instances? Where's the harm? Some people need or want separate identities, or have other valid reasons. It's nobody else's business, really.
#HiveMind Question: I have ≈ 2.6B skills (give or take a couple billion) that are relevant to my work, but #LinkedIn has a hard limit of somewhere between 50-100 skills you can list on your profile.
I'm trying to figure out what to do about it. Due to length limits here, I posted a longer question with context over on LI.
NB: No LinkedIn login required to view the referenced post.
https://www.linkedin.com/feed/update/urn:li:share:7309276162147446785/
#RubyLang #hivemind: I have a passel of #SQL spaghetti that I'd like to turn into a set of #Rails models. I'm not finding a good SQL-specific #LLM that understands interrelated SQL files for #RAG that groks the newer features of #RoR 8+. I'd like #model_enums & seeds.rb support.
Know an LLM model that's any good at doing even 50% of the #boilerplate work? It doesn't have to be perfect; it just has to make it less tedious to extract the boilerplating.
Suggestions?
in the spirit of YAGNI (“you aren’t gonna need it”) I offer up YAGSI (“yak ain’t gonna shave itself”) into the voidspace zeitgeist and apologize in advance.
@djsundog I resemble this remark! As someone who learns a ridiculous amount of cool stuff by shaving yaks, I feel validated and seen.
I now also have a better way to explain *why* I’m doing it in the first place. It’s right up there with Everest and “because it’s there.”
It's gratifying to see my insights about the #techEconomy—especially #ITlayoffs in #cybersecurity and #softwareDevelopment partly driven by the current #AI hype cycle—amplified by peers & media.
"AI can't support what it doesn't know," says James Stanger, the chief technology evangelist at CompTIA, a nonprofit trade association for the US IT industry…"If you've got toxic companies that are interested in that binge-and-purge, on-and-off hiring of developers, I'm not sure they're going to create very good products." (Hoover)
It supports my own #codingAI #metrics that show a human solving a problem the AI never completed even with 400% more time & expert prompting. Confirmation bias? Possibly. Feeling seen & heard? You bet!
Hoover, A. 2025. The career ladder for software engineers is collapsing. Business Insider. https://www.businessinsider.com/career-ladder-software-engineers-collapsing-ai-google-meta-coding-2025-2
Jacobs, T.A. 2025. AI can’t replace IT professionals yet. LinkedIn. https://www.linkedin.com/posts/todd-a-jacobs_layoffs-itprofessionals-ai-activity-7298780638222929921-XuOA
@collin The examples I gave benefit Apple, tying things to their ecosystem. They make unwarranted assumptions about use cases & actively break things in undocumented ways.
Consider that HDDs are still cheaper per terabyte than SSDs. Then consider that Apple REMOVED the ability to create encrypted HFS+ partitions, so large RAID arrays either need to use APFS—designed for SSDs; degrades HDD performance—or use unencrypted HFS+ drives & then manage at-rest encryption separately.
@collin They absolutely do this. They also do weird things to make macOS unlike other *nix systems, and then don't bother to maintain the tooling for managing the weirdness. Examples:
1. Replacing /etc/passwd with dirmngr and then not providing good tools for centralizing user administration.
2. Presenting LTO tape drives as driver-only devices instead of as /dev nodes.
3. APFS w/ poor HDD performance + dropping HFS+ encryption.
Their "embrace, extend, and abandon" philosophy is very broad.
TL;DR: #Layoffs of skilled #ITprofessionals in expectations of replacing them with AI-only value delivery are likely to backfire.
I'm very pro-AI. These systems are extremely good at certain tasks! I'm just annoyed by the endless spin promoting all the things #AI is demonstrably really bad at right now.
I do #promptengineering and #softwaredevelopment professionally, but still spent 2+ hours last night working with several dedicated coding #AImodels debugging a hairy GNU find expression with path pruning. Net result? I gave up on the AI models, wrote my own regular expressions from scratch, and leveraged some good ol' fashioned shell scripting to handle the edge cases.
❎ AI Computation (GPU + CPU) + Human Labor ≥ 2 hours
✅ Experienced Human + Unit Tests = 0.5 hours
In addition to the software development work I do for fun and profit, I am also actively #jobhunting for strategic & tactical #leadership, advisory, and hands-on roles in #cybersecurity, #infosec, #grc, #privacy, #compliance, #devsecops, and more. Help me find my next adventure!
#CIO, #CISO, or #vCISO roles are ideal, but VP, Director, "Head of...", Architect, or Principal Engineer roles can also be great fits based on the organization and sector. The important thing is having a chance to do something new and exciting, and opportunities to learn & grow.
I also have a lot of experience with #boardofdirectors work, #nonprofit & #NGO operations, #publicspeaking, #writing, and #startup culture. With such a broad background, don't hesitate to reach out about something outside my current wheelhouse.
My main goal is to open a new chapter in my life. Let me surprise you by saying "yes" to something you thought was too far outside the box for me!
Added Ruby 3.4.2 to the ruby-versions database. It is now safe for ruby-install users to install Ruby 3.4.2.
$ ruby-install -U ruby 3.4.2
https://www.ruby-lang.org/en/news/2025/02/14/ruby-3-4-2-released/
https://github.com/postmodern/ruby-versions/commit/e7d01d060f83291bde729e402adec39e6f117468
#ruby #ruby_install #rubyinstall
There's an ongoing drive for #FOSS #distributedAI computing, e.g. #aiHorde. It's not perfect & needs a 3rd-party security audit, but is somewhere on the path to more-secure non-local #edgecomputing for devices like phones that can't load large #AImodels or run popular #text2text / #text2image #genAI applications locally.
*NB: Apologies to Horde volunteers if I just bumped your traffic past reasonable limits.*