Thanks for fixing this! I too was having the very slow loading and then timing out,and last night I got the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message, and everything I tried on my end did nothing.
Yeah, saw the same thing, with the same error message. Annoyingly, as a curious technically minded person, I couldn't seem to find a quick way to get any of Chrome, Firefox, "openssl s_client", wget or curl to tell exactly what the "VERSION_OR_CIPHER_MISMATCH" being complained about was. I expect Chrome and Firefox to be anywhere from useless to actively hostile in debugging problems, but openssl, curl, and wget are from Unix developers from whom I expected better debug logs. I admittedly didn't spend a whole lot of time looking...
Some of this might actually be fixed, or at least, in a position where it can be fixed. We had a problem for a while where updating the software was impossible because it caused crashes and largescale fixes were sketchy due to how badly tested it was. Thankfully, with the rise of AI, I can (and have) just point Claude at the codebase and say "write a ton of tests kthx" and now it's a lot less questionable to do work on.
It actually found a few bugs while writing the tests which was pretty funny.
I'm paraphrasing a bit; I ended up with a bunch of prompts, including "write tests to cover every endpoint" and "write tests to increase code coverage" and "stop skipping this specific file, I've seen you consider it six times now and you keep saying it'll be hard and going to do something else, knock it off, go do it for real" and at one point it started just writing tests that verified an endpoint returned a success code instead of actually checking the data and I had to tell it to go back and fix them.
But nevertheless, it was fundamentally "go write a bunch of tests kthx".
What kinds of tests does it write?
Pretty simple ones. In general it's either "call endpoints and verify that the right thing happened in the database", or "change the database and verify that the right thing happened from the endpoint".
How does it know what to expect or assert in the tests?
By reading the code. It's not a black box, it just goes and reads the code. Then it tries stuff.
Then if the stuff didn't work, it reads the error messages and fixes it.
Same way a programmer does it, except it does it while I'm in the kitchen making a snack.
They are undoubtably useful, especially in a domain like writing tests. If you are writing tests post-facto, you have a very well defined problem with a constrained domain, and a massive corpus to consult in terms of style, strategy, etc, etc. We live in a world where hundreds of millions (and I'm probably lowballing) of tests have been written, including tests for some of the hardest math and logic problems known to man. Every leet code website and programming competition out there uses a suite of test cases to verify correctness of submissions.
Honestly writing software tests is almost the optimal use case for an LLM.
I write lots of tests at work, and it's all incredibly domain-specific and trying to use LLMs for it just leads to laughably incorrect test expectations. Hence why I have trouble imagining it just working out of the box.
Claude is probably the best-integrated system out there; use the commandline tool because it's able to go research your codebase on its own.
Make it a CLAUDE.md with general architecture. It can make a CLAUDE.md for you with the /init command, but read over it by hand to make sure it's right.
Make sure thinking is enabled (hit "tab"). If you're asking it to do a really hard thing, use the "ultrathink" keyword, which will give it more space to think.
If you have reference tests to use as a model, point it at those. Telling it something like "read existing tests and use the same general style" can help a lot; if you can be more specific, do so.
Makes sense, I think it all comes down to the corpus of public information available. If similar work can be scraped from one of the half billion repos on github its probably great, otherwise it likely isn't. Most of my work is either web stuff, infra as code, or business logic governed by public policy (rather than internal rules) so it's pretty ideal.
I imagine it would be significantly worse if I were still in global finance, but we often had the same issue as the LLMs. Lack of information and often having to switch tasks while we wait a week for a request for some bespoke implementation details to go up the chain, over to IBM, and back.
Which is what makes them not useful. If you had an employee whose work you had to check every single time, you'd fire him. Why should a machine be held to a lower standard?
If you had an employee whose work you had to check every single time, you'd fire him.
Where I work, that would mean firing everybody - no work gets deployed without at least a second person reviewing and approving the proposed changes. That's a fairly common Quality Assurance practice everywhere, sometimes because an application is critical enough that human failure rates are intolerable, sometimes because a deployment is large enough that even the cost of a tolerable mistake multiples out to be larger than the cost of double-checking to reduce mistake frequency.
AI currently doesn't count as a "second person" for us, but just as a review of human-written code typically takes much less time than writing it did, two reviews (the reviewer plus the "author") of AI-written code can go faster than hand-writing plus review. The last time I reviewed AI-assisted code, the "tell" that AI was used wasn't that there was anything wrong with the code, it was that the documentation was better-written than you generally get from a junior human developer. We apes tend to want to just write the fun stuff and shy away from the tedious stuff.
Why should a machine be held to a lower standard?
Do you know anyone who'll help e.g. write a C/C++ reader for a simple HDF5-based format for ... well, I think that was before we got a work ChatGPT account and I used a free AI that time, but call it $200/month for ChatGPT Pro? I'd never used that API before, and the docs for an API I'd never used before weren't as clear or voluminous as I'd have liked (damn it, everyone else shies away from the tedious stuff too), but searching up and reading better tutorials would have taken an hour or so; double-checking LLM output took five minutes.
If you had an employee whose work you had to check every single time, you'd fire him.
In most of the programming jobs I've been in, code reviews are considered mandatory for all programmers. Everyone's work is checked every single time, and yet we don't all get fired. Humans make mistakes, and we've set up systems to better solve that issue. So do computers pretending to be humans. Nothing out of the ordinary here.
There's a lot of cases where figuring out how to solve a problem is far more complicated than verifying the solution, and those are cases that LLMs are fantastic with.
To be honest, I'm not sure. If it's a DDOS it's a weirdly terrible one that's spending a lot of effort looking like a misbehaving web crawler. On the other hand, if it's a misbehaving web crawler, it's a weirdly terrible one that's spending a lot of effort looking somewhat like a DDOS.
Either that or we've gotten incredibly popular in China over the last week.
There's a bunch of problems here. Yes, China traffic spiked, but it didn't spike that much. Also, now that the analytics have caught up, it spiked a day or two before the server problems began, and everything's back to normal. So . . . was it bots? Eh, maybe, maybe not. And while I can get a long list of IPs, it's not clear that there was any significant pattern within that.
I see, I've heard from others there are a lot of ill behaved and dumbly written crawler bots coming from alibaba cloud/other asian market datacenters. So much so people are blocking whole country wide ranges. A funny anti-bot measure some one suggested to combat a HK bot was to reply with porn and tattle to the host/authorities. (vanilla Porn possession is a crime there)
Yeah I get a fair bit of traffic from china on my crappy little website, up 25% this month. It's at least half my traffic tbh and not a single actual Chinese user, at least not one who uses any mandarin... But LLMs that are trained then direct people to me, so there are swings and roundabouts.
On the other hand, if it's a misbehaving web crawler, it's a weirdly terrible one that's spending a lot of effort looking somewhat like a DDOS.
AI crawlers tend to do that. There are a number of complaints from smaller sites that are getting smothered by badly written crawlers collecting data for AI training.
Either that or we've gotten incredibly popular in China over the last week.
The thing that's weird about this, though, is that it ramped up gradually over a period of a week. And it's hard to believe that us specifically would get a massive increase in traffic over simultaneously such a long and a short period of time.
That said, I may have solved it; I think we were just on a crummy cloud computer, I recycled the node and performance is fine again. Gotta remember that for next time.
That's just the Internet now. 99%+ of web traffic is AI crawlers that are 100x more aggressive than any search engine crawler used to be. Try https://anubis.techaro.lol/.
Blacklisting every Chinese IP address probably also works since anybody using this site from China ought to know how to use a VPN. But there are plenty of these bots outside China too, so that's only a middling solution.
Last edit as I type is the "Sigh, not solved", but for what it's worth, whereas for ~36 hours the site has been so slow for me I thought it was entirely down, right now it seems completely back to normal.
This website is a place for people who want to move past shady thinking and test their ideas in a
court of people who don't all share the same biases. Our goal is to
optimize for light, not heat; this is a group effort, and all commentators are asked to do their part.
The weekly Culture War threads host the most
controversial topics and are the most visible aspect of The Motte. However, many other topics are
appropriate here. We encourage people to post anything related to science, politics, or philosophy;
if in doubt, post!
Check out The Vault for an archive of old quality posts.
You are encouraged to crosspost these elsewhere.
Why are you called The Motte?
A motte is a stone keep on a raised earthwork common in early medieval fortifications. More pertinently,
it's an element in a rhetorical move called a "Motte-and-Bailey",
originally identified by
philosopher Nicholas Shackel. It describes the tendency in discourse for people to move from a controversial
but high value claim to a defensible but less exciting one upon any resistance to the former. He likens
this to the medieval fortification, where a desirable land (the bailey) is abandoned when in danger for
the more easily defended motte. In Shackel's words, "The Motte represents the defensible but undesired
propositions to which one retreats when hard pressed."
On The Motte, always attempt to remain inside your defensible territory, even if you are not being pressed.
New post guidelines
If you're posting something that isn't related to the culture war, we encourage you to post a thread for it.
A submission statement is highly appreciated, but isn't necessary for text posts or links to largely-text posts
such as blogs or news articles; if we're unsure of the value of your post, we might remove it until you add a
submission statement. A submission statement is required for non-text sources (videos, podcasts, images).
Culture war posts go in the culture war thread; all links must either include a submission statement or
significant commentary. Bare links without those will be removed.
Jump in the discussion.
No email address required.
Notes -
Thanks for fixing this! I too was having the very slow loading and then timing out,and last night I got the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message, and everything I tried on my end did nothing.
Good to know it wasn't me that broke it 😀
Yeah, saw the same thing, with the same error message. Annoyingly, as a curious technically minded person, I couldn't seem to find a quick way to get any of Chrome, Firefox, "openssl s_client", wget or curl to tell exactly what the "VERSION_OR_CIPHER_MISMATCH" being complained about was. I expect Chrome and Firefox to be anywhere from useless to actively hostile in debugging problems, but openssl, curl, and wget are from Unix developers from whom I expected better debug logs. I admittedly didn't spend a whole lot of time looking...
More options
Context Copy link
More options
Context Copy link
It's not just you. Working on it. :)
(Should be better now, I'll let it sit for half an hour or so and see how it's going. More work may be needed.)
(Edit: Sigh, not solved. Still working on it.)
(This may now be fixed; I think we were just running on bad hardware.)
It seems to be fixed now. Thanks for all your work!
More options
Context Copy link
I think you got it! Thanks!
Btw everybody here’s the patreon: https://www.patreon.com/themotte
On that note, is there any option for one-time contributions (other than subscribe then cancel, but pay patreon fee + VAT)?
More options
Context Copy link
More options
Context Copy link
It's been kinda slow for a long, long time (intermittenly most of last year?).
Not a huge deal because once it loads you usually don't have a problem but sometimes it'd take 10seconds to render etc. Or so I remember.
Some of this might actually be fixed, or at least, in a position where it can be fixed. We had a problem for a while where updating the software was impossible because it caused crashes and largescale fixes were sketchy due to how badly tested it was. Thankfully, with the rise of AI, I can (and have) just point Claude at the codebase and say "write a ton of tests kthx" and now it's a lot less questionable to do work on.
It actually found a few bugs while writing the tests which was pretty funny.
How does that work? What kinds of tests does it write? How does it know what to expect or assert in the tests?
I'm paraphrasing a bit; I ended up with a bunch of prompts, including "write tests to cover every endpoint" and "write tests to increase code coverage" and "stop skipping this specific file, I've seen you consider it six times now and you keep saying it'll be hard and going to do something else, knock it off, go do it for real" and at one point it started just writing tests that verified an endpoint returned a success code instead of actually checking the data and I had to tell it to go back and fix them.
But nevertheless, it was fundamentally "go write a bunch of tests kthx".
Pretty simple ones. In general it's either "call endpoints and verify that the right thing happened in the database", or "change the database and verify that the right thing happened from the endpoint".
By reading the code. It's not a black box, it just goes and reads the code. Then it tries stuff.
Then if the stuff didn't work, it reads the error messages and fixes it.
Same way a programmer does it, except it does it while I'm in the kitchen making a snack.
More options
Context Copy link
More options
Context Copy link
Wow, that is truly amazing. And, hilariously, it's going to be a very powerful datapoint for our constant "are LLMs actually useful?" debates.
They are undoubtably useful, especially in a domain like writing tests. If you are writing tests post-facto, you have a very well defined problem with a constrained domain, and a massive corpus to consult in terms of style, strategy, etc, etc. We live in a world where hundreds of millions (and I'm probably lowballing) of tests have been written, including tests for some of the hardest math and logic problems known to man. Every leet code website and programming competition out there uses a suite of test cases to verify correctness of submissions.
Honestly writing software tests is almost the optimal use case for an LLM.
I write lots of tests at work, and it's all incredibly domain-specific and trying to use LLMs for it just leads to laughably incorrect test expectations. Hence why I have trouble imagining it just working out of the box.
I don't know what you've tried, but:
/initcommand, but read over it by hand to make sure it's right.More options
Context Copy link
Makes sense, I think it all comes down to the corpus of public information available. If similar work can be scraped from one of the half billion repos on github its probably great, otherwise it likely isn't. Most of my work is either web stuff, infra as code, or business logic governed by public policy (rather than internal rules) so it's pretty ideal.
I imagine it would be significantly worse if I were still in global finance, but we often had the same issue as the LLMs. Lack of information and often having to switch tasks while we wait a week for a request for some bespoke implementation details to go up the chain, over to IBM, and back.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
LLMs are useful if you check what they're saying.
Which is what makes them not useful. If you had an employee whose work you had to check every single time, you'd fire him. Why should a machine be held to a lower standard?
Where I work, that would mean firing everybody - no work gets deployed without at least a second person reviewing and approving the proposed changes. That's a fairly common Quality Assurance practice everywhere, sometimes because an application is critical enough that human failure rates are intolerable, sometimes because a deployment is large enough that even the cost of a tolerable mistake multiples out to be larger than the cost of double-checking to reduce mistake frequency.
AI currently doesn't count as a "second person" for us, but just as a review of human-written code typically takes much less time than writing it did, two reviews (the reviewer plus the "author") of AI-written code can go faster than hand-writing plus review. The last time I reviewed AI-assisted code, the "tell" that AI was used wasn't that there was anything wrong with the code, it was that the documentation was better-written than you generally get from a junior human developer. We apes tend to want to just write the fun stuff and shy away from the tedious stuff.
Do you know anyone who'll help e.g. write a C/C++ reader for a simple HDF5-based format for ... well, I think that was before we got a work ChatGPT account and I used a free AI that time, but call it $200/month for ChatGPT Pro? I'd never used that API before, and the docs for an API I'd never used before weren't as clear or voluminous as I'd have liked (damn it, everyone else shies away from the tedious stuff too), but searching up and reading better tutorials would have taken an hour or so; double-checking LLM output took five minutes.
More options
Context Copy link
In most of the programming jobs I've been in, code reviews are considered mandatory for all programmers. Everyone's work is checked every single time, and yet we don't all get fired. Humans make mistakes, and we've set up systems to better solve that issue. So do computers pretending to be humans. Nothing out of the ordinary here.
There's a lot of cases where figuring out how to solve a problem is far more complicated than verifying the solution, and those are cases that LLMs are fantastic with.
Absolutely. Doing code reviews (even comprehensive line-by-line ones) is a lot less effort for me than writing the code in the first place.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
This matches my experience- LLMs move the programming workload from writing to reviewing/mentoring.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
Working much better today.
Thank you for all your tireless work Zorba, you really are the unsung hero of this space.
Honestly, I'll take some credit, but the mods have been putting a lot more work into it lately than I have. Give them most of that credit :)
More options
Context Copy link
More options
Context Copy link
Glad to know I’m not crazy
Well… not about this, at least.
More options
Context Copy link
More options
Context Copy link
Hope the eye of sauron hasn't set it gaze upon our little forum
More options
Context Copy link
Was this an intentional DDOS attack on the site?
To be honest, I'm not sure. If it's a DDOS it's a weirdly terrible one that's spending a lot of effort looking like a misbehaving web crawler. On the other hand, if it's a misbehaving web crawler, it's a weirdly terrible one that's spending a lot of effort looking somewhat like a DDOS.
Either that or we've gotten incredibly popular in China over the last week.
If this happens again, have you considered responding to the crawlers with the equivalent of the "banned chinese wall of text"
There's a bunch of problems here. Yes, China traffic spiked, but it didn't spike that much. Also, now that the analytics have caught up, it spiked a day or two before the server problems began, and everything's back to normal. So . . . was it bots? Eh, maybe, maybe not. And while I can get a long list of IPs, it's not clear that there was any significant pattern within that.
I see, I've heard from others there are a lot of ill behaved and dumbly written crawler bots coming from alibaba cloud/other asian market datacenters. So much so people are blocking whole country wide ranges. A funny anti-bot measure some one suggested to combat a HK bot was to reply with porn and tattle to the host/authorities. (vanilla Porn possession is a crime there)
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
Yeah I get a fair bit of traffic from china on my crappy little website, up 25% this month. It's at least half my traffic tbh and not a single actual Chinese user, at least not one who uses any mandarin... But LLMs that are trained then direct people to me, so there are swings and roundabouts.
More options
Context Copy link
AI crawlers tend to do that. There are a number of complaints from smaller sites that are getting smothered by badly written crawlers collecting data for AI training.
Which strongly points to the above.
The thing that's weird about this, though, is that it ramped up gradually over a period of a week. And it's hard to believe that us specifically would get a massive increase in traffic over simultaneously such a long and a short period of time.
That said, I may have solved it; I think we were just on a crummy cloud computer, I recycled the node and performance is fine again. Gotta remember that for next time.
"Noisy neighbor problem" is a very real thing in the clouds.
Yeah. I'm very glad I set things up in a way where I could just move the servers easily.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
Prepare to be assimilated into DeepSeek.
More options
Context Copy link
That's just the Internet now. 99%+ of web traffic is AI crawlers that are 100x more aggressive than any search engine crawler used to be. Try https://anubis.techaro.lol/.
Blacklisting every Chinese IP address probably also works since anybody using this site from China ought to know how to use a VPN. But there are plenty of these bots outside China too, so that's only a middling solution.
And Chinese botmasters could just buy VMs at any non-Chinese cloud provider. Which they probably already do.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
Last edit as I type is the "Sigh, not solved", but for what it's worth, whereas for ~36 hours the site has been so slow for me I thought it was entirely down, right now it seems completely back to normal.
Thanks again for all you do here!
More options
Context Copy link
Thanks for the hard work, seriously.
More options
Context Copy link
More options
Context Copy link