While doing programming challenges in Advent of Code, I came across an interesting behavior of LLMs in coding assistants and decided to write about it to clear my thoughts.

First some background.

Advent of Code is a series of daily coding challenges released during the season of advent (the period just before Christmas). Each challenge has 2 parts, and you must solve part 1 before the part 2 is revealed. Part 2 is harder than Part 1, and usually requires re-writes to solve. Sometimes quite extensive rewrites, and others they are small incremental steps.

If you haven't done these challenges before, I encourage you to try. None of them are easy (at least to me), but all of them solvable with enough elbow grease and time.

That said, the challenges are still contrived. Firstly, the questions are much better written that what you'd see in a Jira ticket or requirements document,. They include a detailed description of what must be done, and sample inputs and outputs you can test. Secondly, the challenges extend beyond what most coders do on a daily basis, one challenge required writing a small program to 'defrag' a disk, another required building a tiny assembler that ran it's own program, and multiple questions involved you navigating a 2D maze with obstacles along the way. All fun things you will probably not do as a programmer in the real world.

I took on the challenges, both to improve my coding skills, and to learn how I could use coding assistants like in these close to real-world scenarios. The hope was I would gain some insight into how I could use these tools more effectively should I need to do something more than solving contrived programming challenges before Christmas.

OK. Background complete.

Let's move onto the challenge that changed the way I would look at LLMs forever.

A list of articles/post/videos I come back to over and over again.

We've all seen the "tiny gains post". How if you get one percent better each day for one year, you’ll end up thirty-seven times better by the time you’re done."

Well......

First of all, 1% isn't 'tiny'. I know a few bankers who'd sacrifice their first born for a daily increment of 1% on their portfolio. After all, how many bankers do you know have a 37x return on anything over a year.

Secondly, getting 1% better everyday is not possible. Just getting better everyday is not possible.

If you train in cycling, improving your speed by 7% every week is a ridiculously impossible goal. In cycling we measure power output, so if you improve 1% everyday, no matter where you start from -- you'll be out-sprinting Mark Cavendish within a year.

So forget 1% everyday.

1% sounds small -- but doing it everyday puts is a fairy-tale. That said.... the idea that making small consistent gains instead of large but inconsistent improvements is a good idea.

All architects know what's best practice, but only good architects know when to use them.

I've been in plenty conversations where someone goes "we should do X because it's best practice" -- and act that the discussion ended.

Best practice is what works for most people, most of the time. It isn't something that works for everyone all of the time -- otherwise we would mandate it across the board and architects would be out of their jobs.

It's been 6 years now since the big sayakenahack debacle. I won't go into details on what happened, but ... I thought it'd be nice to take a stroll down memory lane with some pictures :)

On September 2021, malaysiakini reported on a website called mysppl, that was selling personal data online. The site used previous breached data on Malaysians, and was selling it to anyone with a credit card (or Grabpay account).

Note to aspiring criminals.. the last thing you want when doing something illegal like selling personal data ,is to tie that back to Bank Account by accepting payments. But I guess, anything goes these days.

Anyway...

I decided to see whether I could use generic Open Source Intelligence (OSINT) techniques to try to find out who is behind the site, and this post is about my journey through that process.

Let's go...

`I've been playing guitar for over 25 years -- but I still suck at it.

I spent my first ever bonus I got (~RM2,000) on a brand new Norman Guitar, and now I'm the proud owner of multiple expensive guitars and amps ... but all that expensive gear hasn't improved my playing one iota. Even though I used religiously change my guitar strings every month.

I found a few tutorials online to do this, but they're old and don't 100% work. So here's some quick steps on how you might sign your git commits with GPG keys stored on your Yubikey.

Since I'm a mac user, these steps are specifically for macOS, for Windows check out Scott Hanselman's great post here.

So you think Ivermectin works.

You studied the data, you've read all the medical studies you could find, you've seen hours of YouTube videos where doctors swear by the drug, and you've even spent days (or weeks) researching on your on. Finally you conclude, that the data suggest Ivermectin is an effective treatment against COVID-19.

Most of the time, adding a python package to a Lambda function is a simple task. You pip install to a directory, and then copy that directory to the function either directly or through a lambda layer.

But sometimes, there's extra work required.

Packages like opencv install additional files on your system that aren't available in the same directory you pip installed into. When you pip install opencv-python-headless, additional .so files are downloaded to special directories in your environment to provide the openCV functionality.