I ran quite early into the same issues with my Rust pet projects. Single structs with tons of Option<T> and validation methods etc. Enums for type fields combined with, say, optional fields in the same layer so accessor methods all return Option<T>.
I add now a long list of instructions how to work with the type system and some do’s and don’ts. I don’t see myself as a vibe coder. I actually read the damn code and instruct the ai to get to my level of taste.
Would you be interested in sharing your findings? I'm currently experimenting with LLM-generated rust and honestly think it works quite well, however I'm looking for ways to improve the "taste" of the agent.
> there is no security benefit to filtering out unneeded url parameters.
What about passing extra data to fill the server memory with either extra known junk or a script / executable to use with a zero day in an internal component or something.
To misuse the nightclub analogy: it’s like checking for bags not being larger than A4 and disallowing knives and other weapons.
Interesting. Sadly my super biased personal issue with any tool that needs nodeJS and its infrastructure is an immediate downer. Last tools like openspec and oh-my-codex etc I tried via a nix shell. Will take a look.
I also swing a bit back and forth with the assumption the OP makes in the blogpost. My current fear using agents is not really supply chain attacks (yes of course as well) but the fact that I witnessed multiple times that agents are so eager to finish a task that they bend files and other things around. Like “oh I have no access to ~/.npmrc let’s call the command with an environment variable and bend the path around” etc. They can get very very creative. I luckily have no ssh keys just lying around. But I had to change the setting of 1Password to always prompt for key use not just once per shell session. Just in case I spawn an agent from said session.
I wished we already had more and better cross platform sandbox solutions. I mean solutions where the agent still interacts with the same OS etc not inside a docker container. I think for most web / server development that makes no difference but for some projects it does.
Explains why LEGO had a leg up for multiple years. You can’t just change the color pigments and hope the parts fit in the same way. Of course these times are over and other brick manufacturers caught up or overtook Lego.
Yes quality. I forgot the Chinese manufacturer that resells their bricks to pantasia or moldking. But the quality especially for metal or translucent bricks is on par and in a lot of cases better than the Lego offerings.
And calling Lego a toy company is a stretch. Their main demographic is 30-50 year olds with disposable income.
Just want to mention I have no beef or issue with Lego. I say that you get great offerings from other brands as well now.
Other GitHub metadata goes into the .github folder as well. And that is expected to be committed. Like action workflows/actions and CodeOwners, pull and issue templates etc.
Zed is my daily driver for the last couple of months. I tried it a few times before but had to switch to various other editors for different projects. But my plan was to finally ditch VSCode as my normal file editor. I really love how fast the editor fires up. I also love the fact that it has great vim bindings not just in the editor pane.
There is Apple enterprise for this reason. Depending on the set of APIs you want to use (which should be limited since you spoke of webapps), it allows you to distribute internal business apps.
Don’t know how known this is. But we use it mainly for internal testing.
> The Apple Developer Enterprise Program allows large organizations to develop and deploy proprietary, internal-use apps to their employees
> Your organization must:
> Have 100 or more employees
Again, it's clear that they're providing this out so that organizations with power don't have to start a fight, while small organizations can't do anything.
Even aside from that, it's clearly going to be so much work that we wouldn't be able to do it. I'm the only developer at the company, I cannot get bogged down in Apple review processes.
So this means no iPhone Air 2 in Europe? I can hardly see Apple wiggle around the special tools requirement when these batteries are glued and sealed shut in the devices.
[edit] didn’t see the fine print with the cycles requirement etc. so it seems Apple etc is still safe.