I think there's a lot to pick apart here but I think the core premise is full of truth. This gap is real contrary to what you might see influencers saying and I think it comes from a lot of places but the biggest one is writing code is very different than architecting a product.
I've always said, the easiest part of building software is "making something work." The hardest part is building software that can sustain many iterations of development. This requires abstracting things out appropriately which LLMs are only moderately decent at and most vibe coders are horrible at. Great software engineers can architect a system and then prompt an LLM to build out various components of the system and create a sustainable codebase. This takes time and attention in a world of vibe coders that are less and less inclined to give their vibe coded products the attention they deserve.
An advantage I have enjoyed is that I am insanely careful about my fundamental architecture and I have a project scaffold that works correctly.
It has examples of all the parts of a web app written, over many years, to be my own ideal structure. When the LLM era arrived, I added a ton of comments explaining what, why and how.
It turns out to serve as a sort of seed crystal for decent code. Though, if I do not remind it to mimic that architecture, it sometimes doesn't and that's very weird.
Still, that's a tip I suggest. Give it examples of good code that are commented to explain why it's good.
I get 'unable to connect' in Firefox Android for this and many little blogs on HN lately, idk what's going on. Cloudflare blocking me (but not for all sites)? Geo-restriction (UK)?
It doesn't always 10x my development but on certain problems I can work 30x faster. In due time, this is only going to accelerate more as tooling becomes more closely integrated into dev workflows.
> This blog is now STATELESS. The entire post is contained in the URL that you are visiting now. All my "blog" is now is a hard-coded main page that contains links to posts I claim authorship of. Of course the entire post is contained in each of these links.
Watch out: virus/scam/spam sites can detect sites like yours and write tons of redirects, link them somewhere, and use your site's good reputation to get their scams on the home page. This is also a huge problem for redirect services.
If the wrong person publishes the wrong link, you can get your domain banned from Google and tons of other sites as a "security risk", which can spread to your email (if you use @joshcsimmons.com).
It's fine if you don't care about blacklists of course, but this kind of abuse can easily sneak up on you.
The client-side XSS is mostly harmless (assuming you don't have any other sensitive services running with cookies scoped to this domain), although it's technically a persistent XSS, which means it could be indexed by search engines.
But is there a server-side component to this? I noticed that the "disclaimer" is added in the source returned by the server, so I assume there is some code that checks whether the post is present on the home page? If so, that could be dangerous, if there is a bug in that code such that a malicious payload in the URL could get RCE in your server process.
I've just added some defensive programming to the site. Sorry to say. Appreciate that you hacked it with your image onerror, pretty clever.
TBH I haven't thought about most of these things. Nobody typically reads my blogs when I've made them before and this is likely the only interest it will get for quite a while.
So if the author fixes a small typo in the post, they break all the links to it. The blog is not "stateless", it’s just that its state is stored in the homepage. Having all posts on that page with anchor links would achieve the same thing with shorter links that don’t depend on the content.
> Anything can be generated here. You could even host your own blog that uses my website as a renderer if you really wanted to. It supports markdown.
> Every post that I want to publicly claim authorship of lives at the root of this site. If you are reading a post that I have claimed it will look like this page. Posts of unknown authorship have a disclaimer at the top of the page.
> Posts of unknown authorship have a disclaimer at the top of the page.
Problem is, the posts can contain <script> elements. So it's easy to just write a little JavaScript that removes the disclaimer at the top. See this hastily-made, immature example of mine:
The only thing I can think of is if they want to share controversial posts while having the ability to deny that they wrote it (as long as they don’t actually create a link to it from their own site).
It’s not a good use case IMO, but that is all I can think of lol
Huh, cool. I think it's a pretty terrible idea, but I'm glad people are still doing fun/creative things with websites. Keeping the spirit of the early web alive. haha :)
> Every post that I want to publicly claim authorship of lives at the root of this site. If you are reading a post that I have claimed it will look like this page. Posts of unknown authorship have a disclaimer at the top of the page.
Very clever. For those wondering, this won't gunzip since it's compressed using zlib. You must do a chain like this: URL Decode -> Base64 Decode -> Zlib Inflate.
for sure, there's awareness and then there's disregard of any basic web security.
the second they start hosting any application/backend/cookie-enabled thing on this domain name, anyone could inject a script via their /post/ gzip-base64 scheme, and do bad things...?
I don't think html sanitization would go against the principle of this idea. just... at the very least strip the tags! :-)
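The decode chain mentioned above (URL decode -> Base64 decode -> zlib inflate) combined with the escaping step the last comment asks for, as an added example that is not part of the thread or the blog's own code. It assumes standard Base64, a 256 KiB size cap, a constructed disclaimer string and the hypothetical names `decode_post` and `render_untrusted`; it escapes markup rather than stripping it.

```python
import base64
import html
import zlib
from urllib.parse import quote, unquote

MAX_POST_BYTES = 256 * 1024  # assumed cap on inflated size, not from the blog
DISCLAIMER = '<p class="disclaimer">Authorship of this post is unverified.</p>'  # constructed


class PostDecodeError(ValueError):
    """Raised when a URL segment is not a well-formed, bounded post."""


def encode_post(text: str) -> str:
    """Build a link segment the way the thread describes (used for sample data)."""
    packed = base64.b64encode(zlib.compress(text.encode("utf-8")))
    return quote(packed.decode("ascii"), safe="")


def decode_post(segment: str, max_bytes: int = MAX_POST_BYTES) -> str:
    """URL decode -> Base64 decode -> zlib inflate, refusing oversized output."""
    try:
        raw = base64.b64decode(unquote(segment), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise PostDecodeError("segment is not valid Base64") from exc
    inflater = zlib.decompressobj()  # zlib wrapper only; a gzip stream is rejected
    try:
        data = inflater.decompress(raw, max_bytes + 1)
    except zlib.error as exc:
        raise PostDecodeError("segment is not a zlib stream") from exc
    if len(data) > max_bytes or not inflater.eof:
        raise PostDecodeError("post is truncated or exceeds the size cap")
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise PostDecodeError("post is not UTF-8") from exc


def render_untrusted(segment: str, claimed: frozenset = frozenset()) -> str:
    """Escape the decoded post so markup in it is inert, then add the banner."""
    body = "<pre>" + html.escape(decode_post(segment)) + "</pre>"
    return body if segment in claimed else DISCLAIMER + body


# Constructed sample: a post that tries to script away the disclaimer.
SAMPLE = "# Hello\n<script>removeDisclaimer()</script>"
if __name__ == "__main__":
    print(render_untrusted(encode_post(SAMPLE)))
```

Because the banner is added outside the escaped body and the body can no longer carry live markup, a post cannot remove its own disclaimer, and the inflate cap keeps a tiny link from expanding into an arbitrarily large page.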
It took a long time to change 100s of passwords and migrate off of LastPass, but I’m glad I did. Not sure why anyone would trust their security to them at this point.
I wanted to see what you could do to train GPT on custom data. Fine tuning was a dud but I was amazed at what composition tools like LangChain were able to accomplish even on a small dataset.
time to attach a twelve year old HP laserjet with ethernet interface, those things can churn out thousands of pages in a day in a law office environment.
SEEKING WORK | Based in Laramie, Wyoming looking for remote work
I'm looking to team up with an early stage startup to help them build their MVP to get them to their next round of funding.
I'm a full stack web and mobile application developer with over a decade of experience building a wide variety of apps for companies big and small. I've worked alone and I've also led teams. I love Elixir & Phoenix, Ruby & Rails, React, React Native, Relay, and GraphQL.
I've got a portfolio at https://carterparks.com but I'd love to get on the phone to talk to you about your project. Shoot me an email: carter@carterparks.com.