Now my manager expects me to be 10x more productive, which basically means churning out 10x more PRs.
How on earth are we going back to LoC as a measure of productivity?
So people are burning an insane amount of tokens and churning out useless PRs. Folks are more burned out than ever.
Google's testing on the toilet was an attempt to teach folks how to write better tests. Maybe something like this
testing.googleblog.com/2007/01/intr...
I had fun reading this. I find it more interesting to learn about folks you typically don’t hear about on YouTube or podcasts.
Also the misc section was a nice touch - checking out Salt of the Earth 😄
Literally no other profession will consider you ready to contribute to their field with some tool that enhances your ability.
Yet everyone trying out claude code for 2 minutes is under the impression that they can now take on any giga chad programmer.
EMs, PMs, & designers are being asked to push code w/ agents. Now they are setting 1:1s w/ devs to discuss their slop.
Plus, I’m sure I’ll be the one paged when that code causes an incident.
Would you feel comfortable if a quack with a robot wanted to operate on you? You wouldn't.
We have a ~1000, which I felt like a lot.
Better than
you wanted to build something
you ended up vibing, learning nothing, & with no product/project to show for
But auth is still the deterrent for me trying out different AI products as well. I see the oauth2 workflow and I peace out.
Personally, auth is the biggest hurdle for me when trying out different things quickly.
In the past, I’d dread going to IAM & would miss out on experimenting w/ so many Google/AWS services.
I was delighted when LLM providers gave us API keys instead of all this. If I mess up, it’s on me.
Thank you for reading those. I have been writing a bit more recently as my workplace is picking up Go at a massive scale.
It's easier to give a link to a concept rather than having to explain it over and over again. I'm surprised that anyone else is finding them useful :)
All I am seeing is poopy code requiring 2x rounds of reviews to avoid causing incidents.
The convos are still skirting around code generation whereas code validation through qa, code review, & rigorous automation testing are getting more important than ever.
Everyone is yapping about how productive they are but few are talking about how they are validating all these generated code.
Blog post covering what I'm discussing in my #bsidessf talk on git commit signing with SSH certificates: codon.org.uk/~mjg59/blog/...
In my book, if all that knowledge munging and second brain BS don't have any tangible output - like published work or actual revenue generating artifact - it’s a waste of time.
Processes need to have some concrete outcome to justify their existence.
It's easy to get into the trap of tinkering with tools indefinately rather than creating.
Another version of this is spending a bazillion hours tweaking a personal blog only to have a single entry there explaining the tech stack of the blog.
Have you actually gotten a pen that's usable? I got a few from Mongo & Snowflake, which were terrible.
There is literally zero reason why anyone should start their backend in TypeScript now.
Since everyone is yapping about how coding is a solved problem, if we collectively admit that, doesn’t it mean we might as well start a project in a “real” language?
As someone who, while growing up, had measles, rubella, and many other horrible illnesses now preventable by vaccination, I simply cannot fathom why people want to revert to that time. I spent a lot of time in bed or at the hospital as a child. Yes, I survived, but not by much.
Why go back there?
Finished Dan Brown’s latest thriller, The Secret of Secrets.
Oh man, 700 pages of a roller coaster ride. This one ties with Inferno as my favorite book by the author.
I also read it a few months after my visit to Prague, which made putting things into context much easier.
Auth, crypto, and security in general. People secretly hate them and only tolerate them because they have to. So the lesser the friction, the better.
Any sufficiently advanced AI agent is indistinguishable from a rootkit.
I’ve always wondered why most enterprise code sucks compared to OSS code, despite having far more focused resources.
Now I know why!
These how I slop posts are getting tiresome. Quit pretending there's any skill involved in slop munging.
'We' as in "we are venom"
"AI will fix this"
Dependabot security alerts have terrible signal-to-noise ratio, especially for Go vulns. That hurts security!
Just turn it off and set up a pair of scheduled GitHub Actions, one running govulncheck and the other running CI with the latest version of your deps.
Less work, less risk, better results!
I stopped reading feedbacks long ago. Most anon sites bring up the worst in people.
On reddit and hn, all you have is a handle. So some people feel like they can do whatever.
+1
I wish that those surveys so often cited by InfoSec pundits that ask
Do you fully trust AI output?
Do you always verify AI output?
also asked
Do you fully trust your colleagues' output?
Do you always verify your colleagues' output?
Just to have comparative numbers, you know.
There's no way to stop the influx of generated prs. Filtering them out has become a burden.
It's happening in repos too. Push back & you get flagged as a luddite.
The only thing between slop & a healthy system is human judgment. But somehow with agentic degeneracy, we seem to have lost it.