HackerTrans
TopNewTrendsCommentsPastAskShowJobs

formrecap

no profile record

comments

formrecap
·il y a 3 mois·discuss
The concept of blind spots in same-model auditing is sound, but I'm skeptical that just adding "orthogonal" to a prompt solves it. Which axis was the model using before? Which should it use next? Without knowing that, you're just hoping for variety.

What actually works in my experience is two things:

First, prompting with specific personas. "You are a security auditor looking for multi-tenant isolation failures" unlocks genuinely different reasoning from "review this code." The lens matters more than the word "orthogonal" — it gives the model a concrete perspective to reason from.

Second — and I think this gets overlooked — anchoring AI review in deterministic tooling. Semgrep, ESLint, dependency audits. These tools have been catching bugs reliably for years. A model asked to "review this code" will always find something — they're trained to be helpful, I've never had one say "nope, it's perfect." But pairing that with deterministic tools gives you consistency and catches the things models miss by construction.

It's not really new. It's just working with AI agents the way you'd work with another team member — while knowing their limitations (like regurgitating semantically similar ideas when asked the same question twice).
formrecap
·il y a 3 mois·discuss
This is delightful. The legalese version had me until "governing disputes by coin flip" — perfect escalation.

Curious about the tech — Workers + D1 is a great fit for something like this. How are you handling the wildcard subdomain routing? And is the resvg-wasm for generating OG images per disclaimer?
formrecap
·il y a 3 mois·discuss
This resonates. I run sites behind Cloudflare and the cache hit ratio drop from bot traffic is noticeable. The two-tier approach makes sense — human traffic is latency-sensitive and follows power-law access patterns, bot traffic is throughput-sensitive and sequential.

The interesting question is whether tiered caching also changes how you think about cache-control headers as a site operator. Right now I set s-maxage assuming mixed human+bot traffic. If Cloudflare handles the separation at the infrastructure level, operators could tune for human patterns without worrying about bots thrashing the edge cache.
formrecap
·il y a 3 mois·discuss
VSCode + Claude Code. The combination works well for solo development — Claude handles the implementation, I handle the architecture and judgment calls.

A few things I've learned:

Tests were important before AI and are even more important now. AI can introduce unintended outcomes in subtle ways, so having a strong test suite isn't optional — it's your safety net against changes you didn't fully review.

Just because you can doesn't mean you should. AI makes it trivially easy to refactor, swap frameworks, rebuild entire modules. But it doesn't mean you should rework everything daily to chase the newest JS framework. Restraint matters more now, not less.

The biggest limitation: AI follows patterns from the most common repos. For standard work that's fine — often it's exactly what you need. But when you hit what I'd call "unsolved problems" — things that don't have an industry-accepted solution yet — AI falls apart. It'll confidently generate something that looks right but isn't. That's where knowing how to plan, prompt with the right context, and recognise when the output is wrong becomes the actual skill.