Details
-
About: I'm a fast typer and a slow eater. I enjoy long walks off short piers. I am the Florida Man.
-
Skills: JavaScript, HTML, CSS, Python, Lua, C#, c, c++, Java, XML/XAML, VB.net, MySQL, php, Android, Node, Linux, Windows, Scratch.
-
Location: America (38.8976074, -77.0365946)
Joined devRant on 1/8/2017
-
@whimsical The one biggest downside of JWT is that you cannot invalidate a token without also completely removing the efficiency gains that JWT has to offer. I mean, if you want the ability to invalidate tokens after they're issued, you'd need a database call on EVERY JWT validation, which totally defeats the purpose of JWT in the first place. The most common resolution to this is short expiry dates (1-15 minutes)
-
@whimsical I think you're confused about the purpose of JWT. It doesn't replace or compete with the typical web token (which could be as simple as 32 bytes of entropy that is handled 100% on the back-end).
JWT is about storing identity information in a way that you can validate the SOURCE of the token. It's a beautifully simple design that includes only three parts: the header (format info about the token itself), the payload (JSON encoded freeform data), and the signature.
Play around with it on this great site, maybe your mind will be changed: https://www.jwt.io/
Here's a cool tip: with JWT, your web server can validate the identity of a user WITHOUT calling the user info and/or session databases.
-
@whimsical is that not the point? You're gonna need to be less cryptic
-
@whimsical JWT is great - simpler than SAML with its XML tokens, and more secure with a signature already in the basic spec. What's wrong with it?
-
@whimsical again, I agree to some level and disagree at another. Security at its core is a difficult thing. Look at SSL/TLS and the fact that you really aren't supposed to roll your own encryption unless you're an EXPERT.
The *core* of security is a complicated science, and is currently a subset of math more than anything else.
Things like session, federated identity, JWT, and encryption at rest are the most complicated things a typical organization should need to deal with. I can tell you from implementing these things across 2 different tech stacks and 3 different frameworks, that this is a heavily architectural task and leaks in the boat can be devastating.
-
@whimsical you might be right about that, but largely on a superficial level. Yes, LLMs tend to do the grunt work that (myself included) organic programmers tend to avoid such as validation. But this is just the basics of security, the really important security is almost always architectural, which LLMs fail at spectacularly in general.
-
@whimsical Understandable, anxiety manifests itself in many different ways. At its base, it's an uneasy feeling.
Different types of anxiety influence the symptoms. How uneasy do you feel? On a range from are you uncomfortable, or do you literally believe you are going to die?
Physical symptoms for me are like when you realize you messed up really bad - sweating, inability to sit still or sit at all, overwhelming sense that something terrible has happened or will happen.
People with anxiety also have their OWN symptoms on a spectrum. My general day-to-day anxiety is not as severe as I have described.
-
@whimsical any drug can have bad effects when abused, some are more dangerous than others. That's why amphetamines get their bad rap.
Most recreational drugs today are misunderstood due to stigma. It's a tragedy, but the times will change and are slowly.
Due to my anxiety, I avoid uppers and instead prefer downers.
-
@jestdotty That's a neat concept. Like code golf, but for LLMs: prompt golf. Use the shortest prompt to get the LLM to actually work correctly.
Ah, nevermind. You'd never get it below a paragraph.
-
Was this entire post AI generated? We don’t have hashtags here.
-
@whimsical I do feel threatened by it, but would feel moreso if I was a junior. LLMs can pass for junior devs mostly because thinking back to my first internship and first year of my first job, I was a fucking bonehead. LLM could probably out-perform me on my best days back then.
It would take a lot for an LLM to out-architect me these days. It would need to be an extraordinarily lucky day for the LLM with a prompt that basically gives it the answer.
As the LLM race cools down, I'm accepting LLMs into my workflow as code reviewers, rubber duckies, and boilerplate generators. I do not give it any further tasks because I do not trust it with further tasks, based on both my emotions and genuine experience.
-
@whimsical I actually agree with LLM as an assistant. Boilerplate code has almost never really been written by good devs. Either it comes from your IDE or it comes from stack overflow, but I hardly ever fucking write the small, self-contained code that LLMs spit out very well.
The process of learning tools, commands, and frameworks is FUN for me and what I assume to be the majority of other devs that are devs because they LIKE programming. OP has flipped that idea on its head which is probably why I'm so personally upset by the idea.
-
@stackodev in a similar way to how leaded gasoline lowered the global IQ of humanity, I think vibe coding is going to increase the global number of vulnerabilities/hacks globally as code that was written without any organic intelligence meets the market. Not to mention an enormous increase in shitty bloatware and enshittification of existing products.
The tragedy - even if you don't use crappy LLM code in your product, it might appear somewhere in your supply chain anyways. What a shame.
-
@stackodev Modern models make less mistakes but they're almost always difficult to spot. Ask me why I know so much about two-way binding in Blazor. Too late, I'll tell you. It's because an LLM gave me code that looked right, I didn't bother to read about two-way binding in Blazor beforehand, and I wasted a few hours and STILL had to learn it myself anyways.
Granted, this was GPT and GPT is much worse at code. But all LLMs fall into the same traps, just at different rates. They're all the same tech with different datasets.
Funny you should mention architecture - LLMs are so awful at it that I don't think any LLM has successfully generated something more complex than a chat app on its own. It also has some trouble following existing architecture, though that is generally not as big a problem as other problems with vibe coding.
-
Yeah this works until something subtle goes wrong (which happens to be the MOST common type of issue that LLMs produce) and you're dead in the water.
You're right - you deserve to be roasted for falling short of expertise your entire career and celebrating the offload of cognitive work to an unreliable machine.
If you never got good at programming, maybe you should have stopped trying.
If you work with a new framework, tool, whatever - your job is to be able to learn it, and quickly. This doesn't happen naturally and requires research and practice. Maybe you did these things and had a hard time for reasons beyond your control. Who knows.
Bottom line is, if it never worked for you before, this solution might seem good now but you're BONED the moment it doesn't work right.
-
The answer is in the question.
Find something you're pretty interested in, is somewhat niche in the community (not every dev knows it) and become an expert in it. Maybe like SignalR or Redis or whatever. A tech that is in the middle of the road for widespread devs and widespread usage.
Then, apply to jobs where that's important. You might start off by looking for examples of tech in your area via job boards.
-
My chatbot fatigue is reaching a fucking boiling point man.
-
I can guarantee the reason things like filters and sorts don't persist across sessions is because it would be WAY too confusing to most users - and to the rest, it would be too annoying (having to constantly clean up any state you had from 3 months ago just to perform a search, etc)
-
Tokens for the sake of tokens, just to tokenize tokens and token about the toke market.
AI stagnation is starting to drive hype train riders nuts lmao.
Don't worry man, I'm sure GPT-6 will be something noteworthy and not just another marketing scam by Scam Altman
-
General consensus is this is the start of the optimization phase for LLMs while we wait for the next big thing.
5 isn’t really any better than 4, but it is more efficient.
-
Meh. Salesforce got hacked. Saying Google got hacked is like if someone broke into a post office and you described it as “man invades federal government solo”
It’s like yes…….. but no
-
@MM83 and I've never been in a school shooting. I wasn't asking about your personal experience.
-
@atheist stabbing death by % of deaths in US: 0.05% UK 0.01%
Both are negligible, frankly.
The strange thing is giving up your access to knives and tools for the 0.01% figure.
-
Utility classes can be really nice
.text-center .no-select .text-muted .text-bold
I think I draw the line when we’re doing this:
.d-flex.align-items-center.justify-content-center
Define a single class that does all of that! Don’t write inline CSS and use utility classes as an excuse!
-
I don’t care what the words are, God’s perfect order of dimensions is (x, y)
-
@atheist I think if I ever need to write another hpp file I will break down and cry
-
People say this app is dead but then threads blow up like this
-
At least it's HTTP and not TLS/SSL/AES... that shit makes it orders of magnitude more complicated. Almost worth setting up an HTTPS -> HTTP downgrade proxy....
-
@12bitfloat I’m not being stupid. There are punishments for crimes against humanity. If you murder someone, you’re put in jail for the rest of your life (or sometimes killed). If you deny healthcare access to millions of people just to increase profits, then one of those people is gonna kill you. It’s how we remind people in power that they have a duty and there are consequences. It’s rational and I’m not changing my mind on the matter.
-
@12bitfloat both my rational and emotional side disagree. Luigi is a justified martyr and healthcare professionals should be mortally afraid of denying health purely for profit reasons.