I commented elsewhere but our team built a custom static analysis engine for JS/TS specifically for the dep update use-case. It was hard, had to do synthetic execution, understands all the crazy remapping and reexporting you can do, etc. Even then it’s hard to penetrate a complex Express app due to how the tree is built up.
We’ve built a modern dependabot (or works with it) agent: fossabot analyzes your app code to know how you use your dependencies, then delivers a custom safe/needs-review verdict per upgrade, or packages groups of safe upgrades together to make more strategic jumps. We can also fix breaking changes because the agent's context is so complete.
We have some of the best JS/TS analysis out there based on a custom static analysis engine designed for this use-case. You get free credits each month and we’d love feedback on which ecosystems are next…Java, Python?
Totally agree with the author that static analysis like govulncheck is the secret weapon to success with this problem! Dynamic languages are just much harder.
We have a really cool eval framework as well that we’ve blogged about.
Thanks for sharing, really helpful to see your thinking. I haven't fully embraced FaaS myself but never regretted it either.
Curious to hear more about Renovate vs Dependabot. Is it complicated to debug _why_ it's making a choice to upgrade from A to B? Working on a tool to do app-specific breaking change analysis so winning trust and being transparent about what is happening is top of mind.
When were you using quay.io? In the pre-CoreOS years, CoreOS years (2014-2018), or the Red Hat years?
No, but still super impressive. CEO of a company rebuilding a CAD rendering engine because they put an LLM on top of it. So you describe the mechanical specs of the part you want and it models it. Takes all the tedium out of modeling stuff. Super cool and many applications.
Same author talked about adversarial license plates that trick these cameras with a sequence of black blocks, discussed here in original form [1]. He is interested in breaking both the plate detection (ideal) and character recognition (good). The examples are pretty cool looking.
There were laws in many places where you could fight a traffic ticket because you couldn't plainly recognize a police vehicle, especially when a taillight or headlight is out, but now we pay for graphics to make them more invisible. "If you have nothing to hide, you have nothing to worry about." I like the plausible deniability angle, myself
Totally agree that AI is great for this, it will work harder and go deeper and never gets tired of reading code or release notes or migration guides. What you want instead of summaries is to find the breaking changes, figure out if they matter, then comment on _that_.
If a giant chunk of the constellation can act as a truly huge antenna, what can you get from that? Super high resolution? Seek/dwell time on a target that is effectively infinite?
No need for the satellite manufacturer to be the same as the launch provider, and there's nothing at all special about short-lived commodity satellites for LEO constellations. SpaceX is going to be cost-effective at building them given their experience with Starlink, but cost isn't typically a major concern of the US govt, and certainly not a higher priority than concerns about the satellite operator frequently suggesting that access to his satellites might be contingent upon his views on a particular conflict.
> but cost isn't typically a major concern of the US govt
Tell that to any project that has had its budget slashed or outright canceled because somebody thought the project was a waste of money. Every contractor is bidding unless your name is Halliburton. What's the famous astronaut quote about sitting on top of a rocket built by the lowest-bidding contractor?
2/3 of Falcon 9 launches are for Starlink. No outside revenue. SpaceX continues to require new investment rounds. So the whole "driving costs down" thing might only work until investors expect some actual free cash flow.
There have been 11 test launches of Starship. You might've missed the last one because it didn't do anything new, except shedding parts and exploding less. There's a pretty good chance that program will never beat the cost of Falcon Heavy, or that the technology, like multiple refueling flights to get beyond low Earth orbit, is ever made workable.
The last Starship launch was indeed unspectacular because it didn't try pushing the envelope particularly hard. The previous launches were much more precarious, with many fireballs. But I'm a strong believer in iterative development. It's bad PR when everyone can see every failed prototype, but the "design it once, simulate, and make sure the first prototype flies without issues" approach boxes you in to conservative design decisions.
Well, if 2/3 of SpaceX's current launches are for Starlink (which deploys satellites in LEO), isn't a two-stage, fully reusable vehicle optimized for LEO deployment the thing SpaceX would want to build?
In terms of "free cash flow" expectations, are you aware that approximately 90% of "space" revenue and profit comes from satellite telecom services, with launch services accounting for about 10% of the mix? SpaceX's development of a telecommunications constellation (Starlink) is highly consistent with historical industry patterns of what makes profit in space.
If SpaceX only had contract money as revenue, they'd be fine but they probably would not be innovating as fast. The investment rounds are to pay for Starlink build-out and Starship.
How could you even think the opposite to be a better option?
The US does suffer from a serious amount of issues politically (I'm 100% convinced that presidential republics are flawed) but it's still an organization with plenty of checks requiring popular mandate.
No single private individual should ever hold this kind of influence imho, not even if it is Gandhi or a saint and Musk is quite the other end of the spectrum.