TehPers

I recently built a voice-to-text agent in Rust

Agent…? Uh, okay, let’s just use that word for everything now.

I did not have the Rust toolchain installed on my system. I simply told the coding agent that I use Nix, and it figured out how to pull in the entire Rust toolchain through Nix, compile the project inside an isolated shell and produce a working binary.

Sorry, where is the part where you built something?

Anyway, NixOS gets a lot of praise. Maybe it’s something I should try if Manjaro doesn’t survive its current drama (though it seems like they have a path forward now).

What’s with all these articles assuming some fictional reality that coding is replaced by LLMs now? Find me a tool that can build any software anyone wants to build, then ask yourself if you trust that tool to do your taxes for you (if you’re in the US anyway), book an entire 3 week $10k vacation for you, manage your finances and set budgets for you, and so on.

What software does the author think people will build with these tools that’s “fast fashion” style slop? Even assuming a non-coder wants some random one-off software for something, in what world would they ask a LLM to write it for them rather than look for an existing program that does what they want?

In the dev world, LLMs have proven that they cannot build production-quality software by themselves. They can build pretty demos maybe, but everything from Amazon’s tool recreating prod to whatever the fuck the Windows devs are doing shows that trusting an LLM to work on real software will eventually backfire.

Working with ML libraries is a lot different than traditional software dev since those tend to be a lot more loosely typed and grounded in mathematics (linear algebra, calculus, etc).

To answer all of your questions at once: just keep writing code. Work on a lot of projects! Try reading the source code for other projects, like the libraries and tools you use.

Try to use LLMs as little as possible when writing code as well. It won’t help you practice.

This is neat! It might be useful to turn this into more of a CLI utility by having a mode for accepting some Gregorian date via stdin or CLI option, and outputting a parseable format for the Symmetry454 date via stdout. I’d recommend looking at the argparse module if you’re interested, though there are some third party packages that can make it even easier to parse program arguments.

They take something like “please sort your imports. We agreed to use isort last week” as a personal attack.

I would take this personally as well, to be honest. Using isort over Ruff? Blasphemy.

Is that little Bobby Tables? I guess he’d be grown up now, but he’ll always be little to me.

We have #5, but some (non-breaking) feedback can still be deferred to a future follow up issue.

This is usually my preferred option, but usually i differentiate between blocking and non-blocking feedback in my reviews. Non-blocking is some improvement that can be made, but is not necessary, like cleaning up some (tangentially-related) code. Blocking is anything that is logically incorrect, unreadable, uses deprecated features unnecessarily, etc.

Yes, it’s necessary. Even if everyone writes perfect, bug-free code, people learn from code reviews.

Windows 11 is getting a few nice changes. The problem is I’m on Linux now. I’m not going back unless it becomes better than Linux by enough to make me bother switching again.

Are people praising him? I’ll admit I haven’t looked much, but very little would redeem that man for me. He’d have to solve world hunger or reverse climate change or something for me to reconsider my opinion of him.

There’s a saying about broken clocks that applies here. Carlson is broken, so naturally he’d be right twice per day.

The list of countries that could be is shockingly long. In this case, it seems likely to be Singapore, at least based on the post.

Well, to no surprise, Slay the Spire 2. Still in early access, and still an amazing game. The balance is a bit all over the place, but that’s expected with it in EA. Compared to the first game, it’s a direct improvement (save for the balance). The new characters are a lot of fun to play and bring new, interesting mechanics to the game. Heck, Defect has some new content as well, including a status build of all things.

Otherwise, modded Terraria on a server I’m hosting with some friends. The new update is really good, but even 1.4.4 (which tModLoader is still on) has some awesome mods. Honestly, I’m excited for when tModLoader releases for the new update, though I know that will take some time.

As someone with fat fingers and autocorrect disabled, I wish I had 22 wpm with high accuracy.

And before you suggest autocorrect, I use a lot of acronyms and jargon that autocorrect often fails at. It gets annoying enough that I’d rather just type stuff out myself.

I’ve mentioned the long-term effects I see at work in several places, but all I can say is be very careful how you use it. The parts of our codebase that are almost entirely AI written are unreadable garbage and a complete clusterfuck of coding paradigms. It’s bad enough that I’ve said straight to my manager’s face that I’d be embarassed to ship this to production (and yes I await my pink slip).

As a tool, it can help explain code, it can help find places where things are being done, and it can even suggest ways to clean up code. However, those are all things you’ll also learn over time as you gather more and more experience, and it acts more as a crutch here because you spend less time learning the code you’re working with as a result.

I recommend maintaining exceptional skepticism with all code it generates. Claude is very good at producing pretty code. That code is often deceptive, and I’ve seen even Opus hallucinate fields, generate useless tests, and misuse language/library features to solve a task.

If you’re interested in more DDoS-style attacks, Cloudflare has an article that goes over the topic as a whole as well as in-depth topics for different common attacks. They also have reports that cover the kinds of DDoS attacks they’ve seen through their servers. You’ll notice they mention SYN floods as one of the attacks they commonly see. Amplification attacks have also risen in popularity, generally speaking, where the request gets amplified by vulnerable DNS/NTP/etc servers.

OWASP is an excellent learning resource as well, and covers many different topics in-depth around web security.

Okay wow, let’s break this down…

1. Unrelated to your question, but I’d recommend FastAPI over Flask. But anyway…
2. CSRF protections should not be disabled unless you need to. For local debugging, it can be fine, but there’s no real reason not to keep it enabled. “It’s annoying” is rarely a good reason to disable a protection.
3. Now, to answer your question finally: based on the flask-wtf docs, the call to CSRFProtect(app) enables protections globally. Consider removing that call if you want to disable CSRF protection. Alternatively, @csrf.exempt can disable protection on a view, and setting WTF_CSRF_CHECK_DEFAULT to False disables it by default on all views (and you can selectively enable it per-view).
4. Also, while you’re at it, make sure you’re using up-to-date versions of Flask and flask-wtf. If not, check the docs for the specific versions you’re using.

Pros: leadership wants to do your job. Chill out, let them do it, then laugh at them when it fails. You’ll at least have a relaxing job up until they either fire you in their idiotic confidence or beg you for help.

Cons:

it’s managed to blow up and nuke production

You know, I remember reading a similar story about AWS recently…

Cook time: 1 minute

Ingredients:

• 1 Banana
• 1 Muffin

Directions: Peel the banana monkey style (from the bottom, not from the stem). Use your finger to put a hole through the center of the muffin. Insert the banana into the muffin. Enjoy warm.

There are ways to showcase sponsored content, like educational videos on how a product works or what products like it do. Then there are NordVPN sponsorships, where you just lie to the viewer.

The former requires the creator to actually do something. The latter is just talking points the sponsor gives to them.

I was referring to Reddit, not YouTube.

I use FreeTube all the time. If you are picky about what you watch, then there’s a lot of great creators on there.

YouTube is not a forum. YouTube shorts has the same issues though.

Edit: also YouTube comments is a cesspool but I forgot they exist lol.