sigmoid.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A social space for people researching, working with, or just interested in AI!

Server stats:

599
active users

#swdev

2 posts1 participant2 posts today
Continued thread

In the end, nothing worked. I did it the old school way, googled the problem, found the answer on the first google hit on Stack Overflow.

Then, confronted with the solution, Cursor was able to also fix it.

So, I would say a deep integration into the IDE is really a benefit when it comes to run code, shell commands and read console output.

But be careful not to lose yourself in the vibe.

3/x
#swdev #programming #vibecoding #cursor_ai

Continued thread

Having this in your toolbox for certain tasks is great, if you know what you’re doing. But relying on it blindly is a huge risk.

Also funny is how it sometimes get completely stuck. Something was not working, and it tried funny and weird things to fix it. It was creating test programs A,B,C to ask me to run them and respond which version was working to (UI) and then apply the fix to the actual „prod“ code.

2/X

Yesterday, I vibe coded a bit with Cursor AI for a private project for fun. It is actually pretty cool on a first glance. Even a bit addictive TBH. The problem with that is, that most people will not click and expand the generated code snippets and review that. You are on a different abstraction level, thinking of features rather than sw development which is quite interesting. But, this leads to massive chunks of unknown code pushed to production.

1/x

As much of big fan of #IntelliJ I am, as much do I hate working with #Rider. It just not a consistent experience if know all the bits and pieces of IntelliJ, Rider works slightly but annoyingly differently and it very often hangs and crashes. The might happen due to plugins, but I never had this bad experience with IntelliJ with a ton of plugins.

An no, I will not use VS or VScode for reasons.

Please @jetbrains , put some love in @rider .

#ide #swdev
#csharp #programming

It’s quite obvious. The training data is based on tutorials and examples that usually do not contain the more complex stuff and „vibe coders“ using it don’t know anything about SW dev and security as well.

Same will happen with UX, performance and accessibility.

This is the result. Great stuff.

So what’s the future? Cheap vibe coders will build crappy software and then sw devs are called in when everything is burning?

#swdev #vibecoding #programming mastodon.social/@quillmatiq/11

MastodonAnuj Ahooja (@quillmatiq@mastodon.social)Attached: 1 image The vibe-coding trend is going to end up being one of the biggest national security risks we've seen in the software industry https://flipboard.com/@semafor/semafor-qhf227ugz/-/a-Rkaq4LdoR7y9sCQ38tqofQ%3Aa%3A3943444710-%2F0

How would you keep secrets out of your application logs? This article by Allan Reyes covers approaches that tackle this problem - among others - through the design of your logging / data architecture and using dedicated data types to handle sensitive information in a safe way.

#defendabledesign #appsec #swdev

allan.reyes.sh/posts/keeping-s

allan.reyes.sh · Keeping Secrets Out of LogsThere's no silver bullet, but if we put some "lead" bullets in the right places, we have a good shot at keeping sensitive data out of logs.

Software developers: Are there any obvious libraries or tools for wrapping binary files in some sort of container for reliable distribution and processing on end devices?

Specifically, I need to distribute binary update files to end devices. They are likely going to be manually handled by end users, copied to USB sticks, etc.

I don't have particularly special requirements, so I don't want to reinvent the wheel if I can avoid it, and I don't want to build tools if there already are some without the bugs that I'll be putting in.

I've been contemplating using OpenBSD signify but I'm only lightly familiar with it.

I'd like something that'd let me embed some metadata that is easy and fast to scan for and extract so I can easily find updates instead of relying on filename patterns.

I don't think any of this is very hard to do, but if it's already out there, and it seems like it should be, please let me know.

Colleague: "Hey I used that tool you made but it gave me this error: <pastes error log detailing what went wrong and how to fix it>"
Me: *copies a portion of the error message and pastes it into the chat*
Colleague: OK, thanks.

Reading error messages feels like haruspicy¹ most of the time, and this has trained many people to avoid even trying. It feels bad when I put effort into writing humane, useful error messages and they get ignored.

¹ en.wikipedia.org/wiki/Haruspex

en.wikipedia.orgHaruspex - Wikipedia

TIL of a deliberate source of Heisenbugs in the default sshd config:

MaxStartups 5:50:10

This means: Allow up to 5 simultaneous "starting" SSH connections. Between 5 and 10 starting connections, drop them randomly 50% of the time. Above 10: Do not allow any new SSH connections to start.

Took me a long time to diagnose why a particular combination of concurrent SSH processes would fail occasionally when connecting to this embedded machine.

simplified.guide/ssh/limit-sim

www.simplified.guideHow to set maximum SSH connections and sessions on a Linux Server